xmrig | 00bc7729dc5e6d91981f5c63a90410641bd6326e62faea8e510d04cd74bd916a

Analysis

max time kernel
91s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

794e64051d94e342d37847a6c5e54110N.exe
Size

1.2MB
MD5

794e64051d94e342d37847a6c5e54110
SHA1

842e6a1d6da2f0e772b0404db602912785d9ae92
SHA256

00bc7729dc5e6d91981f5c63a90410641bd6326e62faea8e510d04cd74bd916a
SHA512

ec6e430586a7f86c881a7c2bce33dc7a04882ca2af9de5419bdc9d3450b6acf8e6761bff620a6b512142379eb14779b18fc66b7bbb2f052bdf965d4215eb193f
SSDEEP

24576:zv3/fTLF671TilQFG4P5PMkUCCWvLEvjhnXwx8/2Pbx/mbvF8T:Lz071uv4BPMkHC0IlnASEx/4I

Score

10^/10

xmrig execution miner upx

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig

XMRig Miner payload 36 IoCs

miner

resource	yara_rule
behavioral2/memory/3024-784-0x00007FF645770000-0x00007FF645B62000-memory.dmp	xmrig
behavioral2/memory/1684-1702-0x00007FF78DA90000-0x00007FF78DE82000-memory.dmp	xmrig
behavioral2/memory/2384-1694-0x00007FF7F4840000-0x00007FF7F4C32000-memory.dmp	xmrig
behavioral2/memory/4368-1589-0x00007FF6790D0000-0x00007FF6794C2000-memory.dmp	xmrig
behavioral2/memory/5112-959-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	xmrig
behavioral2/memory/3104-731-0x00007FF754F10000-0x00007FF755302000-memory.dmp	xmrig
behavioral2/memory/2080-714-0x00007FF60FC20000-0x00007FF610012000-memory.dmp	xmrig
behavioral2/memory/4072-607-0x00007FF700E40000-0x00007FF701232000-memory.dmp	xmrig
behavioral2/memory/2472-515-0x00007FF7E7460000-0x00007FF7E7852000-memory.dmp	xmrig
behavioral2/memory/5040-403-0x00007FF784690000-0x00007FF784A82000-memory.dmp	xmrig
behavioral2/memory/4772-398-0x00007FF6B96F0000-0x00007FF6B9AE2000-memory.dmp	xmrig
behavioral2/memory/5016-303-0x00007FF73D4D0000-0x00007FF73D8C2000-memory.dmp	xmrig
behavioral2/memory/4960-225-0x00007FF7C2B00000-0x00007FF7C2EF2000-memory.dmp	xmrig
behavioral2/memory/820-176-0x00007FF6DB9D0000-0x00007FF6DBDC2000-memory.dmp	xmrig
behavioral2/memory/4004-117-0x00007FF6EFFB0000-0x00007FF6F03A2000-memory.dmp	xmrig
behavioral2/memory/3332-3029-0x00007FF76FF70000-0x00007FF770362000-memory.dmp	xmrig
behavioral2/memory/2460-3031-0x00007FF7EAD70000-0x00007FF7EB162000-memory.dmp	xmrig
behavioral2/memory/4500-3033-0x00007FF751290000-0x00007FF751682000-memory.dmp	xmrig
behavioral2/memory/4004-3041-0x00007FF6EFFB0000-0x00007FF6F03A2000-memory.dmp	xmrig
behavioral2/memory/2080-3049-0x00007FF60FC20000-0x00007FF610012000-memory.dmp	xmrig
behavioral2/memory/228-3047-0x00007FF67E270000-0x00007FF67E662000-memory.dmp	xmrig
behavioral2/memory/4772-3052-0x00007FF6B96F0000-0x00007FF6B9AE2000-memory.dmp	xmrig
behavioral2/memory/2472-3054-0x00007FF7E7460000-0x00007FF7E7852000-memory.dmp	xmrig
behavioral2/memory/820-3046-0x00007FF6DB9D0000-0x00007FF6DBDC2000-memory.dmp	xmrig
behavioral2/memory/3272-3039-0x00007FF7633E0000-0x00007FF7637D2000-memory.dmp	xmrig
behavioral2/memory/4544-3044-0x00007FF7E1A00000-0x00007FF7E1DF2000-memory.dmp	xmrig
behavioral2/memory/5016-3037-0x00007FF73D4D0000-0x00007FF73D8C2000-memory.dmp	xmrig
behavioral2/memory/4960-3036-0x00007FF7C2B00000-0x00007FF7C2EF2000-memory.dmp	xmrig
behavioral2/memory/4072-3061-0x00007FF700E40000-0x00007FF701232000-memory.dmp	xmrig
behavioral2/memory/3024-3072-0x00007FF645770000-0x00007FF645B62000-memory.dmp	xmrig
behavioral2/memory/3104-3084-0x00007FF754F10000-0x00007FF755302000-memory.dmp	xmrig
behavioral2/memory/5112-3071-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	xmrig
behavioral2/memory/4368-3067-0x00007FF6790D0000-0x00007FF6794C2000-memory.dmp	xmrig
behavioral2/memory/5040-3089-0x00007FF784690000-0x00007FF784A82000-memory.dmp	xmrig
behavioral2/memory/2384-3087-0x00007FF7F4840000-0x00007FF7F4C32000-memory.dmp	xmrig
behavioral2/memory/1684-3086-0x00007FF78DA90000-0x00007FF78DE82000-memory.dmp	xmrig

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
1088	powershell.exe

Executes dropped EXE 64 IoCs

pid	Process
3332	wYfWuMl.exe
4500	sZBBWQo.exe
2460	kVdVpii.exe
228	wLryfkU.exe
3272	JQMMCDw.exe
4004	hfiXOUO.exe
4544	LKjpvlN.exe
820	JxoRSoQ.exe
4960	zsmFYuM.exe
5016	hdHKOUb.exe
4772	SykaDMl.exe
4156	YClLALQ.exe
5040	aPtgjPB.exe
2472	QHafDmq.exe
4556	lEmOBSl.exe
4072	dSqvMDM.exe
2080	sPkLEVB.exe
3104	VXIkcrQ.exe
3024	xDrMtCh.exe
5112	boWzGJg.exe
4368	qpvkIFp.exe
3468	JFmahgI.exe
2384	NqsZfWr.exe
1684	XVROzEf.exe
3472	ljChSoi.exe
4816	XRiFAFV.exe
3712	TQzPMjK.exe
2200	Azgcaqw.exe
4692	rOZXBdN.exe
4564	RxpTJjY.exe
3672	ImPGUbU.exe
4068	QjimYTz.exe
2076	QyspqFd.exe
4360	GTvdirp.exe
1108	vKcRdXW.exe
4188	bRhFvby.exe
2052	cXOXSQo.exe
548	sqcmgPA.exe
4824	rcwhLlh.exe
2596	zSgoUfQ.exe
3212	CagTzoj.exe
5008	hSoFMAa.exe
4116	hvoJkzl.exe
1052	OfSQYtS.exe
4416	qtvTHSv.exe
1652	RXxqxxS.exe
452	ATGFWzA.exe
1588	ZtxfWnm.exe
4668	AsUPjpb.exe
636	jVietmE.exe
1756	bDHiNGb.exe
2992	CDZKAHw.exe
2736	psaVoyD.exe
3288	iwrFQvn.exe
4364	aJRpXqC.exe
4676	uwRLjvU.exe
2060	PHormYZ.exe
4196	ietkHbo.exe
1724	hvhInoP.exe
3724	hAgpjCy.exe
2240	ErohMVm.exe
3300	xFvFwZd.exe
1760	ZVLIWCD.exe
3932	IqVCEea.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/4448-0-0x00007FF7563A0000-0x00007FF756792000-memory.dmp	upx
behavioral2/files/0x0007000000023438-7.dat	upx
behavioral2/memory/3332-16-0x00007FF76FF70000-0x00007FF770362000-memory.dmp	upx
behavioral2/files/0x0007000000023442-60.dat	upx
behavioral2/files/0x000700000002343e-95.dat	upx
behavioral2/memory/3024-784-0x00007FF645770000-0x00007FF645B62000-memory.dmp	upx
behavioral2/memory/1684-1702-0x00007FF78DA90000-0x00007FF78DE82000-memory.dmp	upx
behavioral2/memory/2384-1694-0x00007FF7F4840000-0x00007FF7F4C32000-memory.dmp	upx
behavioral2/memory/4368-1589-0x00007FF6790D0000-0x00007FF6794C2000-memory.dmp	upx
behavioral2/memory/5112-959-0x00007FF689A30000-0x00007FF689E22000-memory.dmp	upx
behavioral2/memory/3104-731-0x00007FF754F10000-0x00007FF755302000-memory.dmp	upx
behavioral2/memory/2080-714-0x00007FF60FC20000-0x00007FF610012000-memory.dmp	upx
behavioral2/memory/4072-607-0x00007FF700E40000-0x00007FF701232000-memory.dmp	upx
behavioral2/memory/2472-515-0x00007FF7E7460000-0x00007FF7E7852000-memory.dmp	upx
behavioral2/memory/5040-403-0x00007FF784690000-0x00007FF784A82000-memory.dmp	upx
behavioral2/memory/4772-398-0x00007FF6B96F0000-0x00007FF6B9AE2000-memory.dmp	upx
behavioral2/memory/5016-303-0x00007FF73D4D0000-0x00007FF73D8C2000-memory.dmp	upx
behavioral2/memory/4960-225-0x00007FF7C2B00000-0x00007FF7C2EF2000-memory.dmp	upx
behavioral2/files/0x0007000000023449-193.dat	upx
behavioral2/files/0x0007000000023456-191.dat	upx
behavioral2/files/0x0007000000023462-189.dat	upx
behavioral2/files/0x0007000000023461-188.dat	upx
behavioral2/files/0x000700000002345f-186.dat	upx
behavioral2/files/0x0007000000023451-183.dat	upx
behavioral2/files/0x000700000002345c-182.dat	upx
behavioral2/files/0x000700000002345b-181.dat	upx
behavioral2/files/0x000700000002345a-180.dat	upx
behavioral2/memory/820-176-0x00007FF6DB9D0000-0x00007FF6DBDC2000-memory.dmp	upx
behavioral2/files/0x0007000000023443-168.dat	upx
behavioral2/files/0x0007000000023459-159.dat	upx
behavioral2/files/0x0007000000023458-158.dat	upx
behavioral2/files/0x0007000000023457-157.dat	upx
behavioral2/files/0x0007000000023441-154.dat	upx
behavioral2/files/0x0007000000023454-148.dat	upx
behavioral2/files/0x0007000000023455-147.dat	upx
behavioral2/files/0x0007000000023453-143.dat	upx
behavioral2/files/0x0007000000023440-137.dat	upx
behavioral2/files/0x0007000000023452-136.dat	upx
behavioral2/files/0x0007000000023450-134.dat	upx
behavioral2/files/0x0007000000023448-192.dat	upx
behavioral2/files/0x0007000000023447-129.dat	upx
behavioral2/files/0x0007000000023460-187.dat	upx
behavioral2/files/0x000700000002344f-128.dat	upx
behavioral2/files/0x0007000000023446-127.dat	upx
behavioral2/files/0x000700000002345e-185.dat	upx
behavioral2/files/0x000700000002345d-184.dat	upx
behavioral2/files/0x000700000002343b-123.dat	upx
behavioral2/files/0x000700000002344e-122.dat	upx
behavioral2/files/0x000700000002344d-121.dat	upx
behavioral2/files/0x0007000000023444-179.dat	upx
behavioral2/memory/4004-117-0x00007FF6EFFB0000-0x00007FF6F03A2000-memory.dmp	upx
behavioral2/files/0x000700000002344b-113.dat	upx
behavioral2/files/0x000700000002344a-112.dat	upx
behavioral2/files/0x0007000000023437-89.dat	upx
behavioral2/files/0x0007000000023445-84.dat	upx
behavioral2/files/0x000700000002343a-78.dat	upx
behavioral2/files/0x000700000002344c-120.dat	upx
behavioral2/memory/3272-71-0x00007FF7633E0000-0x00007FF7637D2000-memory.dmp	upx
behavioral2/files/0x000700000002343d-68.dat	upx
behavioral2/memory/228-62-0x00007FF67E270000-0x00007FF67E662000-memory.dmp	upx
behavioral2/files/0x000700000002343f-98.dat	upx
behavioral2/memory/2460-44-0x00007FF7EAD70000-0x00007FF7EB162000-memory.dmp	upx
behavioral2/memory/4500-41-0x00007FF751290000-0x00007FF751682000-memory.dmp	upx
behavioral2/files/0x000700000002343c-51.dat	upx

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	powershell.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\System\cVXViHE.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\dZWyngi.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\IzgDawA.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\YopZOfZ.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\ffoFvNS.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\ohbuxiL.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\lEwSrMT.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\NNWgVgB.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\mAzSPSu.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\HNDShIh.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\PJpcfSQ.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\HyDApRT.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\TLqVXMg.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\esUECOR.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\XrNzOXU.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\otMvAfe.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\joGCctU.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\YLCKePH.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\hqxvKbX.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\dXfBHpB.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\EMunDxD.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\JomKVER.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\GTvdirp.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\LbZFNHR.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\aNsTsGw.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\RceoGGm.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\lajZxtt.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\FesKncc.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\FOjrxNx.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\NPsJVai.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\NkLoVcc.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\KxmPBjF.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\euqKkhC.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\zZqtjNW.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\cyfxFFS.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\LceEbLd.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\LvkKAFA.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\MAwVKzT.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\uAjarkT.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\VJXIBwK.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\rdlJluR.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\oRDCivD.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\tqSpiiS.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\HPpILWr.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\NmWRRtz.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\QBfjjsV.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\GemNXfb.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\ZbZNDdD.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\PNwiVsS.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\bbTdgXW.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\JwNjjhv.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\TQzPMjK.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\NyrMcER.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\rhBtpYL.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\mjMylLf.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\BpfQvNf.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\XohptbK.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\poEkLrZ.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\vQMeeSM.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\LKjpvlN.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\HTVtFGv.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\AbCkCqE.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\nQYNyNW.exe	794e64051d94e342d37847a6c5e54110N.exe
File created	C:\Windows\System\JqbJOEI.exe	794e64051d94e342d37847a6c5e54110N.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	dwm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	dwm.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	dwm.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	dwm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	dwm.exe

Modifies data under HKEY_USERS 18 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	dwm.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates	dwm.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1088	powershell.exe
1088	powershell.exe
1088	powershell.exe
1088	powershell.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	4448	794e64051d94e342d37847a6c5e54110N.exe
Token: SeLockMemoryPrivilege	4448	794e64051d94e342d37847a6c5e54110N.exe
Token: SeDebugPrivilege	1088	powershell.exe
Token: SeCreateGlobalPrivilege	11580	dwm.exe
Token: SeChangeNotifyPrivilege	11580	dwm.exe
Token: 33	11580	dwm.exe
Token: SeIncBasePriorityPrivilege	11580	dwm.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 1088	4448	794e64051d94e342d37847a6c5e54110N.exe	87
PID 4448 wrote to memory of 1088	4448	794e64051d94e342d37847a6c5e54110N.exe	87
PID 4448 wrote to memory of 3332	4448	794e64051d94e342d37847a6c5e54110N.exe	88
PID 4448 wrote to memory of 3332	4448	794e64051d94e342d37847a6c5e54110N.exe	88
PID 4448 wrote to memory of 3272	4448	794e64051d94e342d37847a6c5e54110N.exe	89
PID 4448 wrote to memory of 3272	4448	794e64051d94e342d37847a6c5e54110N.exe	89
PID 4448 wrote to memory of 4500	4448	794e64051d94e342d37847a6c5e54110N.exe	90
PID 4448 wrote to memory of 4500	4448	794e64051d94e342d37847a6c5e54110N.exe	90
PID 4448 wrote to memory of 2460	4448	794e64051d94e342d37847a6c5e54110N.exe	91
PID 4448 wrote to memory of 2460	4448	794e64051d94e342d37847a6c5e54110N.exe	91
PID 4448 wrote to memory of 820	4448	794e64051d94e342d37847a6c5e54110N.exe	92
PID 4448 wrote to memory of 820	4448	794e64051d94e342d37847a6c5e54110N.exe	92
PID 4448 wrote to memory of 228	4448	794e64051d94e342d37847a6c5e54110N.exe	93
PID 4448 wrote to memory of 228	4448	794e64051d94e342d37847a6c5e54110N.exe	93
PID 4448 wrote to memory of 4004	4448	794e64051d94e342d37847a6c5e54110N.exe	94
PID 4448 wrote to memory of 4004	4448	794e64051d94e342d37847a6c5e54110N.exe	94
PID 4448 wrote to memory of 4544	4448	794e64051d94e342d37847a6c5e54110N.exe	95
PID 4448 wrote to memory of 4544	4448	794e64051d94e342d37847a6c5e54110N.exe	95
PID 4448 wrote to memory of 4960	4448	794e64051d94e342d37847a6c5e54110N.exe	96
PID 4448 wrote to memory of 4960	4448	794e64051d94e342d37847a6c5e54110N.exe	96
PID 4448 wrote to memory of 5016	4448	794e64051d94e342d37847a6c5e54110N.exe	97
PID 4448 wrote to memory of 5016	4448	794e64051d94e342d37847a6c5e54110N.exe	97
PID 4448 wrote to memory of 4772	4448	794e64051d94e342d37847a6c5e54110N.exe	98
PID 4448 wrote to memory of 4772	4448	794e64051d94e342d37847a6c5e54110N.exe	98
PID 4448 wrote to memory of 4156	4448	794e64051d94e342d37847a6c5e54110N.exe	99
PID 4448 wrote to memory of 4156	4448	794e64051d94e342d37847a6c5e54110N.exe	99
PID 4448 wrote to memory of 5040	4448	794e64051d94e342d37847a6c5e54110N.exe	100
PID 4448 wrote to memory of 5040	4448	794e64051d94e342d37847a6c5e54110N.exe	100
PID 4448 wrote to memory of 2472	4448	794e64051d94e342d37847a6c5e54110N.exe	101
PID 4448 wrote to memory of 2472	4448	794e64051d94e342d37847a6c5e54110N.exe	101
PID 4448 wrote to memory of 4556	4448	794e64051d94e342d37847a6c5e54110N.exe	102
PID 4448 wrote to memory of 4556	4448	794e64051d94e342d37847a6c5e54110N.exe	102
PID 4448 wrote to memory of 4072	4448	794e64051d94e342d37847a6c5e54110N.exe	103
PID 4448 wrote to memory of 4072	4448	794e64051d94e342d37847a6c5e54110N.exe	103
PID 4448 wrote to memory of 3472	4448	794e64051d94e342d37847a6c5e54110N.exe	104
PID 4448 wrote to memory of 3472	4448	794e64051d94e342d37847a6c5e54110N.exe	104
PID 4448 wrote to memory of 2080	4448	794e64051d94e342d37847a6c5e54110N.exe	105
PID 4448 wrote to memory of 2080	4448	794e64051d94e342d37847a6c5e54110N.exe	105
PID 4448 wrote to memory of 3104	4448	794e64051d94e342d37847a6c5e54110N.exe	106
PID 4448 wrote to memory of 3104	4448	794e64051d94e342d37847a6c5e54110N.exe	106
PID 4448 wrote to memory of 3024	4448	794e64051d94e342d37847a6c5e54110N.exe	107
PID 4448 wrote to memory of 3024	4448	794e64051d94e342d37847a6c5e54110N.exe	107
PID 4448 wrote to memory of 5112	4448	794e64051d94e342d37847a6c5e54110N.exe	108
PID 4448 wrote to memory of 5112	4448	794e64051d94e342d37847a6c5e54110N.exe	108
PID 4448 wrote to memory of 4368	4448	794e64051d94e342d37847a6c5e54110N.exe	109
PID 4448 wrote to memory of 4368	4448	794e64051d94e342d37847a6c5e54110N.exe	109
PID 4448 wrote to memory of 3468	4448	794e64051d94e342d37847a6c5e54110N.exe	110
PID 4448 wrote to memory of 3468	4448	794e64051d94e342d37847a6c5e54110N.exe	110
PID 4448 wrote to memory of 2384	4448	794e64051d94e342d37847a6c5e54110N.exe	111
PID 4448 wrote to memory of 2384	4448	794e64051d94e342d37847a6c5e54110N.exe	111
PID 4448 wrote to memory of 1684	4448	794e64051d94e342d37847a6c5e54110N.exe	112
PID 4448 wrote to memory of 1684	4448	794e64051d94e342d37847a6c5e54110N.exe	112
PID 4448 wrote to memory of 4816	4448	794e64051d94e342d37847a6c5e54110N.exe	113
PID 4448 wrote to memory of 4816	4448	794e64051d94e342d37847a6c5e54110N.exe	113
PID 4448 wrote to memory of 3712	4448	794e64051d94e342d37847a6c5e54110N.exe	114
PID 4448 wrote to memory of 3712	4448	794e64051d94e342d37847a6c5e54110N.exe	114
PID 4448 wrote to memory of 548	4448	794e64051d94e342d37847a6c5e54110N.exe	115
PID 4448 wrote to memory of 548	4448	794e64051d94e342d37847a6c5e54110N.exe	115
PID 4448 wrote to memory of 2200	4448	794e64051d94e342d37847a6c5e54110N.exe	116
PID 4448 wrote to memory of 2200	4448	794e64051d94e342d37847a6c5e54110N.exe	116
PID 4448 wrote to memory of 4692	4448	794e64051d94e342d37847a6c5e54110N.exe	117
PID 4448 wrote to memory of 4692	4448	794e64051d94e342d37847a6c5e54110N.exe	117
PID 4448 wrote to memory of 4564	4448	794e64051d94e342d37847a6c5e54110N.exe	118
PID 4448 wrote to memory of 4564	4448	794e64051d94e342d37847a6c5e54110N.exe	118

C:\Users\Admin\AppData\Local\Temp\794e64051d94e342d37847a6c5e54110N.exe
"C:\Users\Admin\AppData\Local\Temp\794e64051d94e342d37847a6c5e54110N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1088
- C:\Windows\System\wYfWuMl.exe
  C:\Windows\System\wYfWuMl.exe
  2⤵
  - Executes dropped EXE
  PID:3332
- C:\Windows\System\JQMMCDw.exe
  C:\Windows\System\JQMMCDw.exe
  2⤵
  - Executes dropped EXE
  PID:3272
- C:\Windows\System\sZBBWQo.exe
  C:\Windows\System\sZBBWQo.exe
  2⤵
  - Executes dropped EXE
  PID:4500
- C:\Windows\System\kVdVpii.exe
  C:\Windows\System\kVdVpii.exe
  2⤵
  - Executes dropped EXE
  PID:2460
- C:\Windows\System\JxoRSoQ.exe
  C:\Windows\System\JxoRSoQ.exe
  2⤵
  - Executes dropped EXE
  PID:820
- C:\Windows\System\wLryfkU.exe
  C:\Windows\System\wLryfkU.exe
  2⤵
  - Executes dropped EXE
  PID:228
- C:\Windows\System\hfiXOUO.exe
  C:\Windows\System\hfiXOUO.exe
  2⤵
  - Executes dropped EXE
  PID:4004
- C:\Windows\System\LKjpvlN.exe
  C:\Windows\System\LKjpvlN.exe
  2⤵
  - Executes dropped EXE
  PID:4544
- C:\Windows\System\zsmFYuM.exe
  C:\Windows\System\zsmFYuM.exe
  2⤵
  - Executes dropped EXE
  PID:4960
- C:\Windows\System\hdHKOUb.exe
  C:\Windows\System\hdHKOUb.exe
  2⤵
  - Executes dropped EXE
  PID:5016
- C:\Windows\System\SykaDMl.exe
  C:\Windows\System\SykaDMl.exe
  2⤵
  - Executes dropped EXE
  PID:4772
- C:\Windows\System\YClLALQ.exe
  C:\Windows\System\YClLALQ.exe
  2⤵
  - Executes dropped EXE
  PID:4156
- C:\Windows\System\aPtgjPB.exe
  C:\Windows\System\aPtgjPB.exe
  2⤵
  - Executes dropped EXE
  PID:5040
- C:\Windows\System\QHafDmq.exe
  C:\Windows\System\QHafDmq.exe
  2⤵
  - Executes dropped EXE
  PID:2472
- C:\Windows\System\lEmOBSl.exe
  C:\Windows\System\lEmOBSl.exe
  2⤵
  - Executes dropped EXE
  PID:4556
- C:\Windows\System\dSqvMDM.exe
  C:\Windows\System\dSqvMDM.exe
  2⤵
  - Executes dropped EXE
  PID:4072
- C:\Windows\System\ljChSoi.exe
  C:\Windows\System\ljChSoi.exe
  2⤵
  - Executes dropped EXE
  PID:3472
- C:\Windows\System\sPkLEVB.exe
  C:\Windows\System\sPkLEVB.exe
  2⤵
  - Executes dropped EXE
  PID:2080
- C:\Windows\System\VXIkcrQ.exe
  C:\Windows\System\VXIkcrQ.exe
  2⤵
  - Executes dropped EXE
  PID:3104
- C:\Windows\System\xDrMtCh.exe
  C:\Windows\System\xDrMtCh.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- C:\Windows\System\boWzGJg.exe
  C:\Windows\System\boWzGJg.exe
  2⤵
  - Executes dropped EXE
  PID:5112
- C:\Windows\System\qpvkIFp.exe
  C:\Windows\System\qpvkIFp.exe
  2⤵
  - Executes dropped EXE
  PID:4368
- C:\Windows\System\JFmahgI.exe
  C:\Windows\System\JFmahgI.exe
  2⤵
  - Executes dropped EXE
  PID:3468
- C:\Windows\System\NqsZfWr.exe
  C:\Windows\System\NqsZfWr.exe
  2⤵
  - Executes dropped EXE
  PID:2384
- C:\Windows\System\XVROzEf.exe
  C:\Windows\System\XVROzEf.exe
  2⤵
  - Executes dropped EXE
  PID:1684
- C:\Windows\System\XRiFAFV.exe
  C:\Windows\System\XRiFAFV.exe
  2⤵
  - Executes dropped EXE
  PID:4816
- C:\Windows\System\TQzPMjK.exe
  C:\Windows\System\TQzPMjK.exe
  2⤵
  - Executes dropped EXE
  PID:3712
- C:\Windows\System\sqcmgPA.exe
  C:\Windows\System\sqcmgPA.exe
  2⤵
  - Executes dropped EXE
  PID:548
- C:\Windows\System\Azgcaqw.exe
  C:\Windows\System\Azgcaqw.exe
  2⤵
  - Executes dropped EXE
  PID:2200
- C:\Windows\System\rOZXBdN.exe
  C:\Windows\System\rOZXBdN.exe
  2⤵
  - Executes dropped EXE
  PID:4692
- C:\Windows\System\RxpTJjY.exe
  C:\Windows\System\RxpTJjY.exe
  2⤵
  - Executes dropped EXE
  PID:4564
- C:\Windows\System\ImPGUbU.exe
  C:\Windows\System\ImPGUbU.exe
  2⤵
  - Executes dropped EXE
  PID:3672
- C:\Windows\System\qtvTHSv.exe
  C:\Windows\System\qtvTHSv.exe
  2⤵
  - Executes dropped EXE
  PID:4416
- C:\Windows\System\QjimYTz.exe
  C:\Windows\System\QjimYTz.exe
  2⤵
  - Executes dropped EXE
  PID:4068
- C:\Windows\System\QyspqFd.exe
  C:\Windows\System\QyspqFd.exe
  2⤵
  - Executes dropped EXE
  PID:2076
- C:\Windows\System\GTvdirp.exe
  C:\Windows\System\GTvdirp.exe
  2⤵
  - Executes dropped EXE
  PID:4360
- C:\Windows\System\vKcRdXW.exe
  C:\Windows\System\vKcRdXW.exe
  2⤵
  - Executes dropped EXE
  PID:1108
- C:\Windows\System\bRhFvby.exe
  C:\Windows\System\bRhFvby.exe
  2⤵
  - Executes dropped EXE
  PID:4188
- C:\Windows\System\cXOXSQo.exe
  C:\Windows\System\cXOXSQo.exe
  2⤵
  - Executes dropped EXE
  PID:2052
- C:\Windows\System\rcwhLlh.exe
  C:\Windows\System\rcwhLlh.exe
  2⤵
  - Executes dropped EXE
  PID:4824
- C:\Windows\System\zSgoUfQ.exe
  C:\Windows\System\zSgoUfQ.exe
  2⤵
  - Executes dropped EXE
  PID:2596
- C:\Windows\System\CagTzoj.exe
  C:\Windows\System\CagTzoj.exe
  2⤵
  - Executes dropped EXE
  PID:3212
- C:\Windows\System\hSoFMAa.exe
  C:\Windows\System\hSoFMAa.exe
  2⤵
  - Executes dropped EXE
  PID:5008
- C:\Windows\System\hvoJkzl.exe
  C:\Windows\System\hvoJkzl.exe
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Windows\System\OfSQYtS.exe
  C:\Windows\System\OfSQYtS.exe
  2⤵
  - Executes dropped EXE
  PID:1052
- C:\Windows\System\RXxqxxS.exe
  C:\Windows\System\RXxqxxS.exe
  2⤵
  - Executes dropped EXE
  PID:1652
- C:\Windows\System\ATGFWzA.exe
  C:\Windows\System\ATGFWzA.exe
  2⤵
  - Executes dropped EXE
  PID:452
- C:\Windows\System\ZtxfWnm.exe
  C:\Windows\System\ZtxfWnm.exe
  2⤵
  - Executes dropped EXE
  PID:1588
- C:\Windows\System\AsUPjpb.exe
  C:\Windows\System\AsUPjpb.exe
  2⤵
  - Executes dropped EXE
  PID:4668
- C:\Windows\System\jVietmE.exe
  C:\Windows\System\jVietmE.exe
  2⤵
  - Executes dropped EXE
  PID:636
- C:\Windows\System\bDHiNGb.exe
  C:\Windows\System\bDHiNGb.exe
  2⤵
  - Executes dropped EXE
  PID:1756
- C:\Windows\System\CDZKAHw.exe
  C:\Windows\System\CDZKAHw.exe
  2⤵
  - Executes dropped EXE
  PID:2992
- C:\Windows\System\psaVoyD.exe
  C:\Windows\System\psaVoyD.exe
  2⤵
  - Executes dropped EXE
  PID:2736
- C:\Windows\System\iwrFQvn.exe
  C:\Windows\System\iwrFQvn.exe
  2⤵
  - Executes dropped EXE
  PID:3288
- C:\Windows\System\aJRpXqC.exe
  C:\Windows\System\aJRpXqC.exe
  2⤵
  - Executes dropped EXE
  PID:4364
- C:\Windows\System\uwRLjvU.exe
  C:\Windows\System\uwRLjvU.exe
  2⤵
  - Executes dropped EXE
  PID:4676
- C:\Windows\System\PHormYZ.exe
  C:\Windows\System\PHormYZ.exe
  2⤵
  - Executes dropped EXE
  PID:2060
- C:\Windows\System\ietkHbo.exe
  C:\Windows\System\ietkHbo.exe
  2⤵
  - Executes dropped EXE
  PID:4196
- C:\Windows\System\hvhInoP.exe
  C:\Windows\System\hvhInoP.exe
  2⤵
  - Executes dropped EXE
  PID:1724
- C:\Windows\System\hAgpjCy.exe
  C:\Windows\System\hAgpjCy.exe
  2⤵
  - Executes dropped EXE
  PID:3724
- C:\Windows\System\ErohMVm.exe
  C:\Windows\System\ErohMVm.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Windows\System\xFvFwZd.exe
  C:\Windows\System\xFvFwZd.exe
  2⤵
  - Executes dropped EXE
  PID:3300
- C:\Windows\System\ZVLIWCD.exe
  C:\Windows\System\ZVLIWCD.exe
  2⤵
  - Executes dropped EXE
  PID:1760
- C:\Windows\System\IqVCEea.exe
  C:\Windows\System\IqVCEea.exe
  2⤵
  - Executes dropped EXE
  PID:3932
- C:\Windows\System\YXdwvMp.exe
  C:\Windows\System\YXdwvMp.exe
  2⤵
  PID:404
- C:\Windows\System\YdRftlQ.exe
  C:\Windows\System\YdRftlQ.exe
  2⤵
  PID:3504
- C:\Windows\System\OlawLtd.exe
  C:\Windows\System\OlawLtd.exe
  2⤵
  PID:4296
- C:\Windows\System\fwPkhTY.exe
  C:\Windows\System\fwPkhTY.exe
  2⤵
  PID:3940
- C:\Windows\System\eUsHTni.exe
  C:\Windows\System\eUsHTni.exe
  2⤵
  PID:4876
- C:\Windows\System\JdwkEBV.exe
  C:\Windows\System\JdwkEBV.exe
  2⤵
  PID:4044
- C:\Windows\System\qxPAnSC.exe
  C:\Windows\System\qxPAnSC.exe
  2⤵
  PID:3768
- C:\Windows\System\PobTxvm.exe
  C:\Windows\System\PobTxvm.exe
  2⤵
  PID:5088
- C:\Windows\System\MeVbyLe.exe
  C:\Windows\System\MeVbyLe.exe
  2⤵
  PID:3284
- C:\Windows\System\hXOypge.exe
  C:\Windows\System\hXOypge.exe
  2⤵
  PID:2640
- C:\Windows\System\FoTrUSd.exe
  C:\Windows\System\FoTrUSd.exe
  2⤵
  PID:4536
- C:\Windows\System\NlUshxw.exe
  C:\Windows\System\NlUshxw.exe
  2⤵
  PID:532
- C:\Windows\System\LGyrfKy.exe
  C:\Windows\System\LGyrfKy.exe
  2⤵
  PID:1612
- C:\Windows\System\KeTpJvU.exe
  C:\Windows\System\KeTpJvU.exe
  2⤵
  PID:3676
- C:\Windows\System\dSqCeYh.exe
  C:\Windows\System\dSqCeYh.exe
  2⤵
  PID:3820
- C:\Windows\System\xIpBtPv.exe
  C:\Windows\System\xIpBtPv.exe
  2⤵
  PID:1056
- C:\Windows\System\pRWjVgj.exe
  C:\Windows\System\pRWjVgj.exe
  2⤵
  PID:5132
- C:\Windows\System\BvarYXf.exe
  C:\Windows\System\BvarYXf.exe
  2⤵
  PID:5148
- C:\Windows\System\McwaUWv.exe
  C:\Windows\System\McwaUWv.exe
  2⤵
  PID:5172
- C:\Windows\System\TLCtOcS.exe
  C:\Windows\System\TLCtOcS.exe
  2⤵
  PID:5188
- C:\Windows\System\KFuwTnd.exe
  C:\Windows\System\KFuwTnd.exe
  2⤵
  PID:5204
- C:\Windows\System\fanHYFD.exe
  C:\Windows\System\fanHYFD.exe
  2⤵
  PID:5232
- C:\Windows\System\fHCBGYK.exe
  C:\Windows\System\fHCBGYK.exe
  2⤵
  PID:5248
- C:\Windows\System\hwlsbEc.exe
  C:\Windows\System\hwlsbEc.exe
  2⤵
  PID:5288
- C:\Windows\System\yzDihWD.exe
  C:\Windows\System\yzDihWD.exe
  2⤵
  PID:5304
- C:\Windows\System\rMDrFzw.exe
  C:\Windows\System\rMDrFzw.exe
  2⤵
  PID:5324
- C:\Windows\System\uiweXej.exe
  C:\Windows\System\uiweXej.exe
  2⤵
  PID:5340
- C:\Windows\System\mJSYdqu.exe
  C:\Windows\System\mJSYdqu.exe
  2⤵
  PID:5360
- C:\Windows\System\kraIoZo.exe
  C:\Windows\System\kraIoZo.exe
  2⤵
  PID:5384
- C:\Windows\System\GSWabSx.exe
  C:\Windows\System\GSWabSx.exe
  2⤵
  PID:5400
- C:\Windows\System\NyrMcER.exe
  C:\Windows\System\NyrMcER.exe
  2⤵
  PID:5420
- C:\Windows\System\VLPAcDN.exe
  C:\Windows\System\VLPAcDN.exe
  2⤵
  PID:5440
- C:\Windows\System\twsPoYr.exe
  C:\Windows\System\twsPoYr.exe
  2⤵
  PID:5460
- C:\Windows\System\OOvwTqD.exe
  C:\Windows\System\OOvwTqD.exe
  2⤵
  PID:5484
- C:\Windows\System\ezBHvgj.exe
  C:\Windows\System\ezBHvgj.exe
  2⤵
  PID:5504
- C:\Windows\System\kuxmeNH.exe
  C:\Windows\System\kuxmeNH.exe
  2⤵
  PID:5520
- C:\Windows\System\qcXgACP.exe
  C:\Windows\System\qcXgACP.exe
  2⤵
  PID:5540
- C:\Windows\System\CExuMZj.exe
  C:\Windows\System\CExuMZj.exe
  2⤵
  PID:5556
- C:\Windows\System\NPsJVai.exe
  C:\Windows\System\NPsJVai.exe
  2⤵
  PID:5572
- C:\Windows\System\gcIWSGc.exe
  C:\Windows\System\gcIWSGc.exe
  2⤵
  PID:5592
- C:\Windows\System\peAjLHQ.exe
  C:\Windows\System\peAjLHQ.exe
  2⤵
  PID:5608
- C:\Windows\System\jbZlQhg.exe
  C:\Windows\System\jbZlQhg.exe
  2⤵
  PID:5632
- C:\Windows\System\hTxYjOB.exe
  C:\Windows\System\hTxYjOB.exe
  2⤵
  PID:5648
- C:\Windows\System\jgMKmhH.exe
  C:\Windows\System\jgMKmhH.exe
  2⤵
  PID:5684
- C:\Windows\System\WcjLBio.exe
  C:\Windows\System\WcjLBio.exe
  2⤵
  PID:5700
- C:\Windows\System\otfFUAT.exe
  C:\Windows\System\otfFUAT.exe
  2⤵
  PID:5720
- C:\Windows\System\fBJwClw.exe
  C:\Windows\System\fBJwClw.exe
  2⤵
  PID:5736
- C:\Windows\System\THfbhAr.exe
  C:\Windows\System\THfbhAr.exe
  2⤵
  PID:5760
- C:\Windows\System\LDnsPDI.exe
  C:\Windows\System\LDnsPDI.exe
  2⤵
  PID:5776
- C:\Windows\System\kjEyqGf.exe
  C:\Windows\System\kjEyqGf.exe
  2⤵
  PID:5800
- C:\Windows\System\yafrpwj.exe
  C:\Windows\System\yafrpwj.exe
  2⤵
  PID:5820
- C:\Windows\System\mPbxEKy.exe
  C:\Windows\System\mPbxEKy.exe
  2⤵
  PID:5836
- C:\Windows\System\xNEggBb.exe
  C:\Windows\System\xNEggBb.exe
  2⤵
  PID:5860
- C:\Windows\System\WBCWAhF.exe
  C:\Windows\System\WBCWAhF.exe
  2⤵
  PID:5880
- C:\Windows\System\QseYtli.exe
  C:\Windows\System\QseYtli.exe
  2⤵
  PID:5896
- C:\Windows\System\VjGtbcW.exe
  C:\Windows\System\VjGtbcW.exe
  2⤵
  PID:5924
- C:\Windows\System\nzHLxRb.exe
  C:\Windows\System\nzHLxRb.exe
  2⤵
  PID:5940
- C:\Windows\System\MHEAvpO.exe
  C:\Windows\System\MHEAvpO.exe
  2⤵
  PID:5956
- C:\Windows\System\SNUhMnH.exe
  C:\Windows\System\SNUhMnH.exe
  2⤵
  PID:5980
- C:\Windows\System\PZnIhlu.exe
  C:\Windows\System\PZnIhlu.exe
  2⤵
  PID:6004
- C:\Windows\System\YMXIKGD.exe
  C:\Windows\System\YMXIKGD.exe
  2⤵
  PID:6020
- C:\Windows\System\hHFefhc.exe
  C:\Windows\System\hHFefhc.exe
  2⤵
  PID:6040
- C:\Windows\System\laMDwUE.exe
  C:\Windows\System\laMDwUE.exe
  2⤵
  PID:6064
- C:\Windows\System\DmfWUOu.exe
  C:\Windows\System\DmfWUOu.exe
  2⤵
  PID:6080
- C:\Windows\System\JcpWOjp.exe
  C:\Windows\System\JcpWOjp.exe
  2⤵
  PID:6104
- C:\Windows\System\eRmGdfZ.exe
  C:\Windows\System\eRmGdfZ.exe
  2⤵
  PID:6132
- C:\Windows\System\zXkGwPY.exe
  C:\Windows\System\zXkGwPY.exe
  2⤵
  PID:1076
- C:\Windows\System\ELwQxmy.exe
  C:\Windows\System\ELwQxmy.exe
  2⤵
  PID:1392
- C:\Windows\System\PNdnNzS.exe
  C:\Windows\System\PNdnNzS.exe
  2⤵
  PID:912
- C:\Windows\System\TwPTxom.exe
  C:\Windows\System\TwPTxom.exe
  2⤵
  PID:2720
- C:\Windows\System\bbxnowS.exe
  C:\Windows\System\bbxnowS.exe
  2⤵
  PID:1940
- C:\Windows\System\AFDgJay.exe
  C:\Windows\System\AFDgJay.exe
  2⤵
  PID:2552
- C:\Windows\System\PNxfniM.exe
  C:\Windows\System\PNxfniM.exe
  2⤵
  PID:4308
- C:\Windows\System\AvhqJdn.exe
  C:\Windows\System\AvhqJdn.exe
  2⤵
  PID:4560
- C:\Windows\System\LEOIhAb.exe
  C:\Windows\System\LEOIhAb.exe
  2⤵
  PID:5124
- C:\Windows\System\zllfpCo.exe
  C:\Windows\System\zllfpCo.exe
  2⤵
  PID:5156
- C:\Windows\System\zdguERc.exe
  C:\Windows\System\zdguERc.exe
  2⤵
  PID:4236
- C:\Windows\System\tqSpiiS.exe
  C:\Windows\System\tqSpiiS.exe
  2⤵
  PID:4852
- C:\Windows\System\zYDEhcd.exe
  C:\Windows\System\zYDEhcd.exe
  2⤵
  PID:2412
- C:\Windows\System\rRxjuYH.exe
  C:\Windows\System\rRxjuYH.exe
  2⤵
  PID:4756
- C:\Windows\System\OZAOwqc.exe
  C:\Windows\System\OZAOwqc.exe
  2⤵
  PID:4844
- C:\Windows\System\mjsexRI.exe
  C:\Windows\System\mjsexRI.exe
  2⤵
  PID:220
- C:\Windows\System\vwRHJGj.exe
  C:\Windows\System\vwRHJGj.exe
  2⤵
  PID:1992
- C:\Windows\System\yoLHjtn.exe
  C:\Windows\System\yoLHjtn.exe
  2⤵
  PID:5876
- C:\Windows\System\cVXViHE.exe
  C:\Windows\System\cVXViHE.exe
  2⤵
  PID:5908
- C:\Windows\System\BwcLElV.exe
  C:\Windows\System\BwcLElV.exe
  2⤵
  PID:6164
- C:\Windows\System\lNARTyE.exe
  C:\Windows\System\lNARTyE.exe
  2⤵
  PID:6180
- C:\Windows\System\sBSiUbD.exe
  C:\Windows\System\sBSiUbD.exe
  2⤵
  PID:6204
- C:\Windows\System\udzHumz.exe
  C:\Windows\System\udzHumz.exe
  2⤵
  PID:6232
- C:\Windows\System\ywcccpO.exe
  C:\Windows\System\ywcccpO.exe
  2⤵
  PID:6268
- C:\Windows\System\sXxhSpe.exe
  C:\Windows\System\sXxhSpe.exe
  2⤵
  PID:6288
- C:\Windows\System\NkLoVcc.exe
  C:\Windows\System\NkLoVcc.exe
  2⤵
  PID:6316
- C:\Windows\System\fZNvKwm.exe
  C:\Windows\System\fZNvKwm.exe
  2⤵
  PID:6332
- C:\Windows\System\iCZLjid.exe
  C:\Windows\System\iCZLjid.exe
  2⤵
  PID:6348
- C:\Windows\System\jPPmeXa.exe
  C:\Windows\System\jPPmeXa.exe
  2⤵
  PID:6372
- C:\Windows\System\Zvzeifs.exe
  C:\Windows\System\Zvzeifs.exe
  2⤵
  PID:6388
- C:\Windows\System\sVfBPEc.exe
  C:\Windows\System\sVfBPEc.exe
  2⤵
  PID:6416
- C:\Windows\System\IuQTDzh.exe
  C:\Windows\System\IuQTDzh.exe
  2⤵
  PID:6440
- C:\Windows\System\XXyZqUA.exe
  C:\Windows\System\XXyZqUA.exe
  2⤵
  PID:6456
- C:\Windows\System\rGAJBJV.exe
  C:\Windows\System\rGAJBJV.exe
  2⤵
  PID:6472
- C:\Windows\System\gAeGxvL.exe
  C:\Windows\System\gAeGxvL.exe
  2⤵
  PID:6496
- C:\Windows\System\jTLwcSU.exe
  C:\Windows\System\jTLwcSU.exe
  2⤵
  PID:6520
- C:\Windows\System\czfkzbE.exe
  C:\Windows\System\czfkzbE.exe
  2⤵
  PID:6536
- C:\Windows\System\XHIouHA.exe
  C:\Windows\System\XHIouHA.exe
  2⤵
  PID:6560
- C:\Windows\System\kDWLWhh.exe
  C:\Windows\System\kDWLWhh.exe
  2⤵
  PID:6576
- C:\Windows\System\EKuzfKY.exe
  C:\Windows\System\EKuzfKY.exe
  2⤵
  PID:6600
- C:\Windows\System\NHefHcy.exe
  C:\Windows\System\NHefHcy.exe
  2⤵
  PID:6620
- C:\Windows\System\ZGbNwGV.exe
  C:\Windows\System\ZGbNwGV.exe
  2⤵
  PID:6636
- C:\Windows\System\WQwNHfL.exe
  C:\Windows\System\WQwNHfL.exe
  2⤵
  PID:6668
- C:\Windows\System\XPkBCTv.exe
  C:\Windows\System\XPkBCTv.exe
  2⤵
  PID:6688
- C:\Windows\System\LbZFNHR.exe
  C:\Windows\System\LbZFNHR.exe
  2⤵
  PID:6712
- C:\Windows\System\DLNLBlH.exe
  C:\Windows\System\DLNLBlH.exe
  2⤵
  PID:6732
- C:\Windows\System\ybhKluJ.exe
  C:\Windows\System\ybhKluJ.exe
  2⤵
  PID:6748
- C:\Windows\System\cTaJbKp.exe
  C:\Windows\System\cTaJbKp.exe
  2⤵
  PID:6772
- C:\Windows\System\DnsYbmk.exe
  C:\Windows\System\DnsYbmk.exe
  2⤵
  PID:6788
- C:\Windows\System\bczWYQX.exe
  C:\Windows\System\bczWYQX.exe
  2⤵
  PID:6804
- C:\Windows\System\lQnfRUl.exe
  C:\Windows\System\lQnfRUl.exe
  2⤵
  PID:6828
- C:\Windows\System\vbrtLtz.exe
  C:\Windows\System\vbrtLtz.exe
  2⤵
  PID:6852
- C:\Windows\System\zdVJDjy.exe
  C:\Windows\System\zdVJDjy.exe
  2⤵
  PID:6868
- C:\Windows\System\YGLLdtm.exe
  C:\Windows\System\YGLLdtm.exe
  2⤵
  PID:6892
- C:\Windows\System\nQsBvka.exe
  C:\Windows\System\nQsBvka.exe
  2⤵
  PID:6908
- C:\Windows\System\cTLwUbD.exe
  C:\Windows\System\cTLwUbD.exe
  2⤵
  PID:6928
- C:\Windows\System\BlgGivE.exe
  C:\Windows\System\BlgGivE.exe
  2⤵
  PID:712
- C:\Windows\System\HPpILWr.exe
  C:\Windows\System\HPpILWr.exe
  2⤵
  PID:5516
- C:\Windows\System\CbpUgcq.exe
  C:\Windows\System\CbpUgcq.exe
  2⤵
  PID:5084
- C:\Windows\System\KCJPhYW.exe
  C:\Windows\System\KCJPhYW.exe
  2⤵
  PID:4888
- C:\Windows\System\ZXHQytx.exe
  C:\Windows\System\ZXHQytx.exe
  2⤵
  PID:2000
- C:\Windows\System\dalmYCw.exe
  C:\Windows\System\dalmYCw.exe
  2⤵
  PID:5180
- C:\Windows\System\egTrSMq.exe
  C:\Windows\System\egTrSMq.exe
  2⤵
  PID:6036
- C:\Windows\System\fLHYGug.exe
  C:\Windows\System\fLHYGug.exe
  2⤵
  PID:5300
- C:\Windows\System\cYVMDFl.exe
  C:\Windows\System\cYVMDFl.exe
  2⤵
  PID:6264
- C:\Windows\System\yQedTHk.exe
  C:\Windows\System\yQedTHk.exe
  2⤵
  PID:6324
- C:\Windows\System\GZVgMUh.exe
  C:\Windows\System\GZVgMUh.exe
  2⤵
  PID:6656
- C:\Windows\System\HTVtFGv.exe
  C:\Windows\System\HTVtFGv.exe
  2⤵
  PID:5456
- C:\Windows\System\KNekTAu.exe
  C:\Windows\System\KNekTAu.exe
  2⤵
  PID:5428
- C:\Windows\System\HhUhGhv.exe
  C:\Windows\System\HhUhGhv.exe
  2⤵
  PID:5396
- C:\Windows\System\qAMoDAH.exe
  C:\Windows\System\qAMoDAH.exe
  2⤵
  PID:6800
- C:\Windows\System\vpINCfN.exe
  C:\Windows\System\vpINCfN.exe
  2⤵
  PID:5552
- C:\Windows\System\YPNhseb.exe
  C:\Windows\System\YPNhseb.exe
  2⤵
  PID:5600
- C:\Windows\System\aNsTsGw.exe
  C:\Windows\System\aNsTsGw.exe
  2⤵
  PID:2560
- C:\Windows\System\SWlUixh.exe
  C:\Windows\System\SWlUixh.exe
  2⤵
  PID:7184
- C:\Windows\System\CvYWKDp.exe
  C:\Windows\System\CvYWKDp.exe
  2⤵
  PID:7204
- C:\Windows\System\xDzPQiO.exe
  C:\Windows\System\xDzPQiO.exe
  2⤵
  PID:7232
- C:\Windows\System\VVZJxqe.exe
  C:\Windows\System\VVZJxqe.exe
  2⤵
  PID:7260
- C:\Windows\System\MlZnqPZ.exe
  C:\Windows\System\MlZnqPZ.exe
  2⤵
  PID:7284
- C:\Windows\System\WYGKAgT.exe
  C:\Windows\System\WYGKAgT.exe
  2⤵
  PID:7320
- C:\Windows\System\ozNAnvS.exe
  C:\Windows\System\ozNAnvS.exe
  2⤵
  PID:7340
- C:\Windows\System\KRKneUV.exe
  C:\Windows\System\KRKneUV.exe
  2⤵
  PID:7368
- C:\Windows\System\dAgNlqV.exe
  C:\Windows\System\dAgNlqV.exe
  2⤵
  PID:7388
- C:\Windows\System\ZDUYbuH.exe
  C:\Windows\System\ZDUYbuH.exe
  2⤵
  PID:7404
- C:\Windows\System\JQceCvO.exe
  C:\Windows\System\JQceCvO.exe
  2⤵
  PID:7420
- C:\Windows\System\eJkUauA.exe
  C:\Windows\System\eJkUauA.exe
  2⤵
  PID:7452
- C:\Windows\System\PVmmmMY.exe
  C:\Windows\System\PVmmmMY.exe
  2⤵
  PID:7472
- C:\Windows\System\kwBGnnx.exe
  C:\Windows\System\kwBGnnx.exe
  2⤵
  PID:7496
- C:\Windows\System\BTrovdz.exe
  C:\Windows\System\BTrovdz.exe
  2⤵
  PID:7512
- C:\Windows\System\CdBFgUK.exe
  C:\Windows\System\CdBFgUK.exe
  2⤵
  PID:7536
- C:\Windows\System\xOXGlsu.exe
  C:\Windows\System\xOXGlsu.exe
  2⤵
  PID:7552
- C:\Windows\System\UDamrUG.exe
  C:\Windows\System\UDamrUG.exe
  2⤵
  PID:7580
- C:\Windows\System\mmdxUmU.exe
  C:\Windows\System\mmdxUmU.exe
  2⤵
  PID:7600
- C:\Windows\System\lePgVsB.exe
  C:\Windows\System\lePgVsB.exe
  2⤵
  PID:7616
- C:\Windows\System\QiYoiHc.exe
  C:\Windows\System\QiYoiHc.exe
  2⤵
  PID:7636
- C:\Windows\System\teipJAu.exe
  C:\Windows\System\teipJAu.exe
  2⤵
  PID:7656
- C:\Windows\System\rlovVFm.exe
  C:\Windows\System\rlovVFm.exe
  2⤵
  PID:7692
- C:\Windows\System\TLqVXMg.exe
  C:\Windows\System\TLqVXMg.exe
  2⤵
  PID:7724
- C:\Windows\System\NoEofMk.exe
  C:\Windows\System\NoEofMk.exe
  2⤵
  PID:7740
- C:\Windows\System\hOgcXlq.exe
  C:\Windows\System\hOgcXlq.exe
  2⤵
  PID:7756
- C:\Windows\System\zUNlQbP.exe
  C:\Windows\System\zUNlQbP.exe
  2⤵
  PID:7776
- C:\Windows\System\aclsvgb.exe
  C:\Windows\System\aclsvgb.exe
  2⤵
  PID:7796
- C:\Windows\System\RAaZDfl.exe
  C:\Windows\System\RAaZDfl.exe
  2⤵
  PID:7816
- C:\Windows\System\AwDczoi.exe
  C:\Windows\System\AwDczoi.exe
  2⤵
  PID:7840
- C:\Windows\System\rtHtIjK.exe
  C:\Windows\System\rtHtIjK.exe
  2⤵
  PID:7856
- C:\Windows\System\NVLWNlH.exe
  C:\Windows\System\NVLWNlH.exe
  2⤵
  PID:7872
- C:\Windows\System\EKablGR.exe
  C:\Windows\System\EKablGR.exe
  2⤵
  PID:7908
- C:\Windows\System\ImGHoYg.exe
  C:\Windows\System\ImGHoYg.exe
  2⤵
  PID:7928
- C:\Windows\System\sfcnLPt.exe
  C:\Windows\System\sfcnLPt.exe
  2⤵
  PID:7952
- C:\Windows\System\yTLbKnU.exe
  C:\Windows\System\yTLbKnU.exe
  2⤵
  PID:5716
- C:\Windows\System\LPkRqJf.exe
  C:\Windows\System\LPkRqJf.exe
  2⤵
  PID:6188
- C:\Windows\System\MKdkODh.exe
  C:\Windows\System\MKdkODh.exe
  2⤵
  PID:6248
- C:\Windows\System\oXBVBto.exe
  C:\Windows\System\oXBVBto.exe
  2⤵
  PID:6296
- C:\Windows\System\emVdvdF.exe
  C:\Windows\System\emVdvdF.exe
  2⤵
  PID:6356
- C:\Windows\System\gCyFzVd.exe
  C:\Windows\System\gCyFzVd.exe
  2⤵
  PID:6384
- C:\Windows\System\FaWBtwJ.exe
  C:\Windows\System\FaWBtwJ.exe
  2⤵
  PID:6572
- C:\Windows\System\UOmocXe.exe
  C:\Windows\System\UOmocXe.exe
  2⤵
  PID:6584
- C:\Windows\System\BKwlnvJ.exe
  C:\Windows\System\BKwlnvJ.exe
  2⤵
  PID:6676
- C:\Windows\System\ZOQBJqI.exe
  C:\Windows\System\ZOQBJqI.exe
  2⤵
  PID:6724
- C:\Windows\System\EOzjWCl.exe
  C:\Windows\System\EOzjWCl.exe
  2⤵
  PID:6784
- C:\Windows\System\TQDPaDg.exe
  C:\Windows\System\TQDPaDg.exe
  2⤵
  PID:2208
- C:\Windows\System\kyMDjWT.exe
  C:\Windows\System\kyMDjWT.exe
  2⤵
  PID:6876
- C:\Windows\System\bhIDUCr.exe
  C:\Windows\System\bhIDUCr.exe
  2⤵
  PID:4732
- C:\Windows\System\YNnHSeV.exe
  C:\Windows\System\YNnHSeV.exe
  2⤵
  PID:7032
- C:\Windows\System\WetujNH.exe
  C:\Windows\System\WetujNH.exe
  2⤵
  PID:7240
- C:\Windows\System\aTnhhro.exe
  C:\Windows\System\aTnhhro.exe
  2⤵
  PID:7076
- C:\Windows\System\NGbhEMa.exe
  C:\Windows\System\NGbhEMa.exe
  2⤵
  PID:7128
- C:\Windows\System\IIwuEVS.exe
  C:\Windows\System\IIwuEVS.exe
  2⤵
  PID:2692
- C:\Windows\System\wkrqjIl.exe
  C:\Windows\System\wkrqjIl.exe
  2⤵
  PID:5616
- C:\Windows\System\VZDtJYf.exe
  C:\Windows\System\VZDtJYf.exe
  2⤵
  PID:5224
- C:\Windows\System\dEaAJFK.exe
  C:\Windows\System\dEaAJFK.exe
  2⤵
  PID:5320
- C:\Windows\System\zLYbcPF.exe
  C:\Windows\System\zLYbcPF.exe
  2⤵
  PID:5356
- C:\Windows\System\GIJSGXW.exe
  C:\Windows\System\GIJSGXW.exe
  2⤵
  PID:5468
- C:\Windows\System\hvURwtz.exe
  C:\Windows\System\hvURwtz.exe
  2⤵
  PID:5408
- C:\Windows\System\zQCXidx.exe
  C:\Windows\System\zQCXidx.exe
  2⤵
  PID:6056
- C:\Windows\System\sjEElFa.exe
  C:\Windows\System\sjEElFa.exe
  2⤵
  PID:7628
- C:\Windows\System\AhhJDey.exe
  C:\Windows\System\AhhJDey.exe
  2⤵
  PID:7664
- C:\Windows\System\CtKAHpF.exe
  C:\Windows\System\CtKAHpF.exe
  2⤵
  PID:4284
- C:\Windows\System\ohbuxiL.exe
  C:\Windows\System\ohbuxiL.exe
  2⤵
  PID:6884
- C:\Windows\System\TsbhxsI.exe
  C:\Windows\System\TsbhxsI.exe
  2⤵
  PID:5380
- C:\Windows\System\hTFgqse.exe
  C:\Windows\System\hTFgqse.exe
  2⤵
  PID:7196
- C:\Windows\System\eYZexwT.exe
  C:\Windows\System\eYZexwT.exe
  2⤵
  PID:7268
- C:\Windows\System\nVohPPO.exe
  C:\Windows\System\nVohPPO.exe
  2⤵
  PID:7332
- C:\Windows\System\pxJUDUE.exe
  C:\Windows\System\pxJUDUE.exe
  2⤵
  PID:7396
- C:\Windows\System\wcyUSwD.exe
  C:\Windows\System\wcyUSwD.exe
  2⤵
  PID:7428
- C:\Windows\System\TjDRUGW.exe
  C:\Windows\System\TjDRUGW.exe
  2⤵
  PID:7492
- C:\Windows\System\uVpZWvQ.exe
  C:\Windows\System\uVpZWvQ.exe
  2⤵
  PID:7524
- C:\Windows\System\yuaPIXi.exe
  C:\Windows\System\yuaPIXi.exe
  2⤵
  PID:7564
- C:\Windows\System\KnTqIWU.exe
  C:\Windows\System\KnTqIWU.exe
  2⤵
  PID:6936
- C:\Windows\System\zrlqFas.exe
  C:\Windows\System\zrlqFas.exe
  2⤵
  PID:7092
- C:\Windows\System\xtryVCY.exe
  C:\Windows\System\xtryVCY.exe
  2⤵
  PID:8212
- C:\Windows\System\dCjPAfb.exe
  C:\Windows\System\dCjPAfb.exe
  2⤵
  PID:8232
- C:\Windows\System\dNIutZW.exe
  C:\Windows\System\dNIutZW.exe
  2⤵
  PID:8252
- C:\Windows\System\bKyZKfs.exe
  C:\Windows\System\bKyZKfs.exe
  2⤵
  PID:8272
- C:\Windows\System\uJedCRA.exe
  C:\Windows\System\uJedCRA.exe
  2⤵
  PID:8288
- C:\Windows\System\Dgteetf.exe
  C:\Windows\System\Dgteetf.exe
  2⤵
  PID:8308
- C:\Windows\System\SwubYnJ.exe
  C:\Windows\System\SwubYnJ.exe
  2⤵
  PID:8328
- C:\Windows\System\QbPRBJF.exe
  C:\Windows\System\QbPRBJF.exe
  2⤵
  PID:8352
- C:\Windows\System\qMTxvss.exe
  C:\Windows\System\qMTxvss.exe
  2⤵
  PID:8376
- C:\Windows\System\NkjOrdU.exe
  C:\Windows\System\NkjOrdU.exe
  2⤵
  PID:8396
- C:\Windows\System\maadBym.exe
  C:\Windows\System\maadBym.exe
  2⤵
  PID:8412
- C:\Windows\System\JwKjJaG.exe
  C:\Windows\System\JwKjJaG.exe
  2⤵
  PID:8436
- C:\Windows\System\ByXimxA.exe
  C:\Windows\System\ByXimxA.exe
  2⤵
  PID:8452
- C:\Windows\System\YLCKePH.exe
  C:\Windows\System\YLCKePH.exe
  2⤵
  PID:8476
- C:\Windows\System\HiVYEld.exe
  C:\Windows\System\HiVYEld.exe
  2⤵
  PID:8492
- C:\Windows\System\IMBFyik.exe
  C:\Windows\System\IMBFyik.exe
  2⤵
  PID:8516
- C:\Windows\System\eyIpMDi.exe
  C:\Windows\System\eyIpMDi.exe
  2⤵
  PID:8536
- C:\Windows\System\ndNVYqy.exe
  C:\Windows\System\ndNVYqy.exe
  2⤵
  PID:8556
- C:\Windows\System\hqxvKbX.exe
  C:\Windows\System\hqxvKbX.exe
  2⤵
  PID:8576
- C:\Windows\System\mcBpVSN.exe
  C:\Windows\System\mcBpVSN.exe
  2⤵
  PID:8596
- C:\Windows\System\KDsMpRs.exe
  C:\Windows\System\KDsMpRs.exe
  2⤵
  PID:8616
- C:\Windows\System\GaLbsbo.exe
  C:\Windows\System\GaLbsbo.exe
  2⤵
  PID:8640
- C:\Windows\System\zXVesFS.exe
  C:\Windows\System\zXVesFS.exe
  2⤵
  PID:8660
- C:\Windows\System\dQJmkJo.exe
  C:\Windows\System\dQJmkJo.exe
  2⤵
  PID:8680
- C:\Windows\System\tYyrXaQ.exe
  C:\Windows\System\tYyrXaQ.exe
  2⤵
  PID:8696
- C:\Windows\System\GszHONH.exe
  C:\Windows\System\GszHONH.exe
  2⤵
  PID:8716
- C:\Windows\System\sCVNJAu.exe
  C:\Windows\System\sCVNJAu.exe
  2⤵
  PID:8732
- C:\Windows\System\Kxdydki.exe
  C:\Windows\System\Kxdydki.exe
  2⤵
  PID:8748
- C:\Windows\System\yjBbulz.exe
  C:\Windows\System\yjBbulz.exe
  2⤵
  PID:8768
- C:\Windows\System\kSPDfSs.exe
  C:\Windows\System\kSPDfSs.exe
  2⤵
  PID:8784
- C:\Windows\System\hMiUgFL.exe
  C:\Windows\System\hMiUgFL.exe
  2⤵
  PID:8808
- C:\Windows\System\uKmmvtx.exe
  C:\Windows\System\uKmmvtx.exe
  2⤵
  PID:8824
- C:\Windows\System\ggCaxLv.exe
  C:\Windows\System\ggCaxLv.exe
  2⤵
  PID:8840
- C:\Windows\System\izKeFiu.exe
  C:\Windows\System\izKeFiu.exe
  2⤵
  PID:8860
- C:\Windows\System\JeanCEK.exe
  C:\Windows\System\JeanCEK.exe
  2⤵
  PID:8880
- C:\Windows\System\aRePLMD.exe
  C:\Windows\System\aRePLMD.exe
  2⤵
  PID:8896
- C:\Windows\System\UROxuNi.exe
  C:\Windows\System\UROxuNi.exe
  2⤵
  PID:8916
- C:\Windows\System\nJzgbSA.exe
  C:\Windows\System\nJzgbSA.exe
  2⤵
  PID:8932
- C:\Windows\System\RhYajzs.exe
  C:\Windows\System\RhYajzs.exe
  2⤵
  PID:8956
- C:\Windows\System\aklYQRz.exe
  C:\Windows\System\aklYQRz.exe
  2⤵
  PID:8972
- C:\Windows\System\eAtZRzi.exe
  C:\Windows\System\eAtZRzi.exe
  2⤵
  PID:8996
- C:\Windows\System\nnOvvlN.exe
  C:\Windows\System\nnOvvlN.exe
  2⤵
  PID:9012
- C:\Windows\System\OGNPscO.exe
  C:\Windows\System\OGNPscO.exe
  2⤵
  PID:9036
- C:\Windows\System\paCFmrm.exe
  C:\Windows\System\paCFmrm.exe
  2⤵
  PID:9056
- C:\Windows\System\GtLLqrM.exe
  C:\Windows\System\GtLLqrM.exe
  2⤵
  PID:9072
- C:\Windows\System\RceoGGm.exe
  C:\Windows\System\RceoGGm.exe
  2⤵
  PID:9092
- C:\Windows\System\fsWxckH.exe
  C:\Windows\System\fsWxckH.exe
  2⤵
  PID:9112
- C:\Windows\System\LAkmbFl.exe
  C:\Windows\System\LAkmbFl.exe
  2⤵
  PID:9132
- C:\Windows\System\ZoBspsQ.exe
  C:\Windows\System\ZoBspsQ.exe
  2⤵
  PID:9152
- C:\Windows\System\YDfrcgq.exe
  C:\Windows\System\YDfrcgq.exe
  2⤵
  PID:9172
- C:\Windows\System\jBQpYCa.exe
  C:\Windows\System\jBQpYCa.exe
  2⤵
  PID:9196
- C:\Windows\System\IXBEkyB.exe
  C:\Windows\System\IXBEkyB.exe
  2⤵
  PID:7824
- C:\Windows\System\KcYfKfk.exe
  C:\Windows\System\KcYfKfk.exe
  2⤵
  PID:7792
- C:\Windows\System\ZCRpLvG.exe
  C:\Windows\System\ZCRpLvG.exe
  2⤵
  PID:7752
- C:\Windows\System\ajhiqIT.exe
  C:\Windows\System\ajhiqIT.exe
  2⤵
  PID:7712
- C:\Windows\System\KxmPBjF.exe
  C:\Windows\System\KxmPBjF.exe
  2⤵
  PID:7852
- C:\Windows\System\grcSrRI.exe
  C:\Windows\System\grcSrRI.exe
  2⤵
  PID:7888
- C:\Windows\System\nsPfjAn.exe
  C:\Windows\System\nsPfjAn.exe
  2⤵
  PID:7936
- C:\Windows\System\MAzMuCG.exe
  C:\Windows\System\MAzMuCG.exe
  2⤵
  PID:8048
- C:\Windows\System\hKrQKTU.exe
  C:\Windows\System\hKrQKTU.exe
  2⤵
  PID:9316
- C:\Windows\System\Jdulwke.exe
  C:\Windows\System\Jdulwke.exe
  2⤵
  PID:9356
- C:\Windows\System\gqDEZSk.exe
  C:\Windows\System\gqDEZSk.exe
  2⤵
  PID:9380
- C:\Windows\System\JPzzKQi.exe
  C:\Windows\System\JPzzKQi.exe
  2⤵
  PID:9396
- C:\Windows\System\fzuPpHJ.exe
  C:\Windows\System\fzuPpHJ.exe
  2⤵
  PID:9416
- C:\Windows\System\gxlhfFp.exe
  C:\Windows\System\gxlhfFp.exe
  2⤵
  PID:9436
- C:\Windows\System\JeRvSTy.exe
  C:\Windows\System\JeRvSTy.exe
  2⤵
  PID:9456
- C:\Windows\System\saiYgSf.exe
  C:\Windows\System\saiYgSf.exe
  2⤵
  PID:9476
- C:\Windows\System\CzpxXJP.exe
  C:\Windows\System\CzpxXJP.exe
  2⤵
  PID:9496
- C:\Windows\System\SXpXQqV.exe
  C:\Windows\System\SXpXQqV.exe
  2⤵
  PID:9516
- C:\Windows\System\KyaYABE.exe
  C:\Windows\System\KyaYABE.exe
  2⤵
  PID:9536
- C:\Windows\System\fUcSUqD.exe
  C:\Windows\System\fUcSUqD.exe
  2⤵
  PID:9552
- C:\Windows\System\OnnqCbO.exe
  C:\Windows\System\OnnqCbO.exe
  2⤵
  PID:9580
- C:\Windows\System\dGJskwl.exe
  C:\Windows\System\dGJskwl.exe
  2⤵
  PID:9600
- C:\Windows\System\HFoIPUN.exe
  C:\Windows\System\HFoIPUN.exe
  2⤵
  PID:9620
- C:\Windows\System\cJHuLUt.exe
  C:\Windows\System\cJHuLUt.exe
  2⤵
  PID:9648
- C:\Windows\System\DucfZSZ.exe
  C:\Windows\System\DucfZSZ.exe
  2⤵
  PID:9664
- C:\Windows\System\liigObS.exe
  C:\Windows\System\liigObS.exe
  2⤵
  PID:9680
- C:\Windows\System\kXHRPcR.exe
  C:\Windows\System\kXHRPcR.exe
  2⤵
  PID:9700
- C:\Windows\System\MIbZINn.exe
  C:\Windows\System\MIbZINn.exe
  2⤵
  PID:9716
- C:\Windows\System\NmWRRtz.exe
  C:\Windows\System\NmWRRtz.exe
  2⤵
  PID:9740
- C:\Windows\System\NxsjsNn.exe
  C:\Windows\System\NxsjsNn.exe
  2⤵
  PID:9756
- C:\Windows\System\dQzRGpY.exe
  C:\Windows\System\dQzRGpY.exe
  2⤵
  PID:9780
- C:\Windows\System\quDxmvb.exe
  C:\Windows\System\quDxmvb.exe
  2⤵
  PID:9796
- C:\Windows\System\EXlJoPE.exe
  C:\Windows\System\EXlJoPE.exe
  2⤵
  PID:9816
- C:\Windows\System\XrtOqMe.exe
  C:\Windows\System\XrtOqMe.exe
  2⤵
  PID:9836
- C:\Windows\System\lOacolh.exe
  C:\Windows\System\lOacolh.exe
  2⤵
  PID:9852
- C:\Windows\System\CXsYhTm.exe
  C:\Windows\System\CXsYhTm.exe
  2⤵
  PID:9868
- C:\Windows\System\LxHIIhm.exe
  C:\Windows\System\LxHIIhm.exe
  2⤵
  PID:9888
- C:\Windows\System\klaGWRS.exe
  C:\Windows\System\klaGWRS.exe
  2⤵
  PID:9908
- C:\Windows\System\IsZpjsv.exe
  C:\Windows\System\IsZpjsv.exe
  2⤵
  PID:9924
- C:\Windows\System\zryVqIq.exe
  C:\Windows\System\zryVqIq.exe
  2⤵
  PID:9948
- C:\Windows\System\akcgXOs.exe
  C:\Windows\System\akcgXOs.exe
  2⤵
  PID:9964
- C:\Windows\System\jioUrfg.exe
  C:\Windows\System\jioUrfg.exe
  2⤵
  PID:9992
- C:\Windows\System\RGWXfyb.exe
  C:\Windows\System\RGWXfyb.exe
  2⤵
  PID:10196
- C:\Windows\System\cOzmvPD.exe
  C:\Windows\System\cOzmvPD.exe
  2⤵
  PID:8592
- C:\Windows\System\KkfTkAX.exe
  C:\Windows\System\KkfTkAX.exe
  2⤵
  PID:8668
- C:\Windows\System\rPGtxmu.exe
  C:\Windows\System\rPGtxmu.exe
  2⤵
  PID:8704
- C:\Windows\System\AbCkCqE.exe
  C:\Windows\System\AbCkCqE.exe
  2⤵
  PID:8760
- C:\Windows\System\euqKkhC.exe
  C:\Windows\System\euqKkhC.exe
  2⤵
  PID:2372
- C:\Windows\System\ZVKAqdE.exe
  C:\Windows\System\ZVKAqdE.exe
  2⤵
  PID:8940
- C:\Windows\System\AZtXohH.exe
  C:\Windows\System\AZtXohH.exe
  2⤵
  PID:9184
- C:\Windows\System\chOeaVq.exe
  C:\Windows\System\chOeaVq.exe
  2⤵
  PID:3528
- C:\Windows\System\cwGsuAa.exe
  C:\Windows\System\cwGsuAa.exe
  2⤵
  PID:7924
- C:\Windows\System\yjQqgLb.exe
  C:\Windows\System\yjQqgLb.exe
  2⤵
  PID:6448
- C:\Windows\System\nXhShMb.exe
  C:\Windows\System\nXhShMb.exe
  2⤵
  PID:6588
- C:\Windows\System\ihfIDaX.exe
  C:\Windows\System\ihfIDaX.exe
  2⤵
  PID:6812
- C:\Windows\System\sbuomgm.exe
  C:\Windows\System\sbuomgm.exe
  2⤵
  PID:4540
- C:\Windows\System\GYHgGks.exe
  C:\Windows\System\GYHgGks.exe
  2⤵
  PID:8612
- C:\Windows\System\HhgDBKt.exe
  C:\Windows\System\HhgDBKt.exe
  2⤵
  PID:9988
- C:\Windows\System\PBCaHko.exe
  C:\Windows\System\PBCaHko.exe
  2⤵
  PID:9008
- C:\Windows\System\NRxmEYb.exe
  C:\Windows\System\NRxmEYb.exe
  2⤵
  PID:3608
- C:\Windows\System\zUNhvaR.exe
  C:\Windows\System\zUNhvaR.exe
  2⤵
  PID:9164
- C:\Windows\System\lhiOKOv.exe
  C:\Windows\System\lhiOKOv.exe
  2⤵
  PID:9080
- C:\Windows\System\ERnhhLH.exe
  C:\Windows\System\ERnhhLH.exe
  2⤵
  PID:9004
- C:\Windows\System\esUECOR.exe
  C:\Windows\System\esUECOR.exe
  2⤵
  PID:10060
- C:\Windows\System\CVPZdZW.exe
  C:\Windows\System\CVPZdZW.exe
  2⤵
  PID:10256
- C:\Windows\System\uxacTZn.exe
  C:\Windows\System\uxacTZn.exe
  2⤵
  PID:10272
- C:\Windows\System\tJJzoop.exe
  C:\Windows\System\tJJzoop.exe
  2⤵
  PID:10292
- C:\Windows\System\fUvTayM.exe
  C:\Windows\System\fUvTayM.exe
  2⤵
  PID:10308
- C:\Windows\System\KVyzzOy.exe
  C:\Windows\System\KVyzzOy.exe
  2⤵
  PID:10332
- C:\Windows\System\VoPzSGd.exe
  C:\Windows\System\VoPzSGd.exe
  2⤵
  PID:10348
- C:\Windows\System\FhqFxdI.exe
  C:\Windows\System\FhqFxdI.exe
  2⤵
  PID:10364
- C:\Windows\System\LfgkToP.exe
  C:\Windows\System\LfgkToP.exe
  2⤵
  PID:10392
- C:\Windows\System\JtMNDey.exe
  C:\Windows\System\JtMNDey.exe
  2⤵
  PID:10408
- C:\Windows\System\EnHcDCx.exe
  C:\Windows\System\EnHcDCx.exe
  2⤵
  PID:10436
- C:\Windows\System\DyVnhnf.exe
  C:\Windows\System\DyVnhnf.exe
  2⤵
  PID:10456
- C:\Windows\System\EMKhmNB.exe
  C:\Windows\System\EMKhmNB.exe
  2⤵
  PID:10476
- C:\Windows\System\nvUTjcA.exe
  C:\Windows\System\nvUTjcA.exe
  2⤵
  PID:10504
- C:\Windows\System\xqiAUYG.exe
  C:\Windows\System\xqiAUYG.exe
  2⤵
  PID:10520
- C:\Windows\System\cFeXFXw.exe
  C:\Windows\System\cFeXFXw.exe
  2⤵
  PID:10548
- C:\Windows\System\yqbFdgy.exe
  C:\Windows\System\yqbFdgy.exe
  2⤵
  PID:10564
- C:\Windows\System\lBaYMpa.exe
  C:\Windows\System\lBaYMpa.exe
  2⤵
  PID:10588
- C:\Windows\System\BbLRKAz.exe
  C:\Windows\System\BbLRKAz.exe
  2⤵
  PID:10612
- C:\Windows\System\jJWDRbA.exe
  C:\Windows\System\jJWDRbA.exe
  2⤵
  PID:10628
- C:\Windows\System\JYVCeZt.exe
  C:\Windows\System\JYVCeZt.exe
  2⤵
  PID:10652
- C:\Windows\System\jBnCECm.exe
  C:\Windows\System\jBnCECm.exe
  2⤵
  PID:10672
- C:\Windows\System\oxgAoTF.exe
  C:\Windows\System\oxgAoTF.exe
  2⤵
  PID:10692
- C:\Windows\System\BISZgzk.exe
  C:\Windows\System\BISZgzk.exe
  2⤵
  PID:10716
- C:\Windows\System\aAlmlnW.exe
  C:\Windows\System\aAlmlnW.exe
  2⤵
  PID:10732
- C:\Windows\System\PhAQdRg.exe
  C:\Windows\System\PhAQdRg.exe
  2⤵
  PID:10756
- C:\Windows\System\HplRbSq.exe
  C:\Windows\System\HplRbSq.exe
  2⤵
  PID:10784
- C:\Windows\System\yluyIjT.exe
  C:\Windows\System\yluyIjT.exe
  2⤵
  PID:10804
- C:\Windows\System\fDHryxO.exe
  C:\Windows\System\fDHryxO.exe
  2⤵
  PID:10828
- C:\Windows\System\BPqkmFc.exe
  C:\Windows\System\BPqkmFc.exe
  2⤵
  PID:10856
- C:\Windows\System\pVLSbug.exe
  C:\Windows\System\pVLSbug.exe
  2⤵
  PID:10888
- C:\Windows\System\ieVKtll.exe
  C:\Windows\System\ieVKtll.exe
  2⤵
  PID:10908
- C:\Windows\System\CIcGqEx.exe
  C:\Windows\System\CIcGqEx.exe
  2⤵
  PID:10936
- C:\Windows\System\XksPCSj.exe
  C:\Windows\System\XksPCSj.exe
  2⤵
  PID:10952
- C:\Windows\System\HxLeoEi.exe
  C:\Windows\System\HxLeoEi.exe
  2⤵
  PID:10984
- C:\Windows\System\xLKzfOG.exe
  C:\Windows\System\xLKzfOG.exe
  2⤵
  PID:11008
- C:\Windows\System\ecRnEjn.exe
  C:\Windows\System\ecRnEjn.exe
  2⤵
  PID:11028
- C:\Windows\System\LoifwMG.exe
  C:\Windows\System\LoifwMG.exe
  2⤵
  PID:11052
- C:\Windows\System\YEYSRwz.exe
  C:\Windows\System\YEYSRwz.exe
  2⤵
  PID:11076
- C:\Windows\System\ZngGBnC.exe
  C:\Windows\System\ZngGBnC.exe
  2⤵
  PID:11096
- C:\Windows\System\ePvZLlR.exe
  C:\Windows\System\ePvZLlR.exe
  2⤵
  PID:11116
- C:\Windows\System\czgwzPO.exe
  C:\Windows\System\czgwzPO.exe
  2⤵
  PID:11144
- C:\Windows\System\DITtoZC.exe
  C:\Windows\System\DITtoZC.exe
  2⤵
  PID:11164
- C:\Windows\System\mSLIvBF.exe
  C:\Windows\System\mSLIvBF.exe
  2⤵
  PID:11184
- C:\Windows\System\IRPZRvw.exe
  C:\Windows\System\IRPZRvw.exe
  2⤵
  PID:11200
- C:\Windows\System\NUlgmgE.exe
  C:\Windows\System\NUlgmgE.exe
  2⤵
  PID:11224
- C:\Windows\System\crECMkR.exe
  C:\Windows\System\crECMkR.exe
  2⤵
  PID:11244
- C:\Windows\System\dOWSLTt.exe
  C:\Windows\System\dOWSLTt.exe
  2⤵
  PID:5336
- C:\Windows\System\GxqxLPN.exe
  C:\Windows\System\GxqxLPN.exe
  2⤵
  PID:5644
- C:\Windows\System\CFUfYtw.exe
  C:\Windows\System\CFUfYtw.exe
  2⤵
  PID:7596
- C:\Windows\System\bXUVzVb.exe
  C:\Windows\System\bXUVzVb.exe
  2⤵
  PID:7192
- C:\Windows\System\tCaXtrC.exe
  C:\Windows\System\tCaXtrC.exe
  2⤵
  PID:7352
- C:\Windows\System\xFtgtIU.exe
  C:\Windows\System\xFtgtIU.exe
  2⤵
  PID:6864
- C:\Windows\System\ZFSphOq.exe
  C:\Windows\System\ZFSphOq.exe
  2⤵
  PID:8284
- C:\Windows\System\BCAxtMk.exe
  C:\Windows\System\BCAxtMk.exe
  2⤵
  PID:8340
- C:\Windows\System\fytJpXn.exe
  C:\Windows\System\fytJpXn.exe
  2⤵
  PID:8404
- C:\Windows\System\xDkUJhc.exe
  C:\Windows\System\xDkUJhc.exe
  2⤵
  PID:8512
- C:\Windows\System\gDmwVAv.exe
  C:\Windows\System\gDmwVAv.exe
  2⤵
  PID:8652
- C:\Windows\System\rjpeVxQ.exe
  C:\Windows\System\rjpeVxQ.exe
  2⤵
  PID:8728
- C:\Windows\System\bnMOTlO.exe
  C:\Windows\System\bnMOTlO.exe
  2⤵
  PID:8800
- C:\Windows\System\QCSFMnk.exe
  C:\Windows\System\QCSFMnk.exe
  2⤵
  PID:8836
- C:\Windows\System\jCSdsoD.exe
  C:\Windows\System\jCSdsoD.exe
  2⤵
  PID:10224
- C:\Windows\System\RXaebbu.exe
  C:\Windows\System\RXaebbu.exe
  2⤵
  PID:5012
- C:\Windows\System\TnrvPHe.exe
  C:\Windows\System\TnrvPHe.exe
  2⤵
  PID:11280
- C:\Windows\System\sWEolMu.exe
  C:\Windows\System\sWEolMu.exe
  2⤵
  PID:11296
- C:\Windows\System\qTyTowe.exe
  C:\Windows\System\qTyTowe.exe
  2⤵
  PID:11312
- C:\Windows\System\qEERuvo.exe
  C:\Windows\System\qEERuvo.exe
  2⤵
  PID:11328
- C:\Windows\System\mAnHtEw.exe
  C:\Windows\System\mAnHtEw.exe
  2⤵
  PID:11344
- C:\Windows\System\DRvsRwQ.exe
  C:\Windows\System\DRvsRwQ.exe
  2⤵
  PID:11360
- C:\Windows\System\ELybjSi.exe
  C:\Windows\System\ELybjSi.exe
  2⤵
  PID:11376
- C:\Windows\System\EXMfQGP.exe
  C:\Windows\System\EXMfQGP.exe
  2⤵
  PID:11392
- C:\Windows\System\ZioGAyc.exe
  C:\Windows\System\ZioGAyc.exe
  2⤵
  PID:11408
- C:\Windows\System\EcBbKzr.exe
  C:\Windows\System\EcBbKzr.exe
  2⤵
  PID:11424
- C:\Windows\System\xdILLAM.exe
  C:\Windows\System\xdILLAM.exe
  2⤵
  PID:11440
- C:\Windows\System\GkQbjAv.exe
  C:\Windows\System\GkQbjAv.exe
  2⤵
  PID:11460
- C:\Windows\System\bXpjcbm.exe
  C:\Windows\System\bXpjcbm.exe
  2⤵
  PID:11480
- C:\Windows\System\wFHaCkv.exe
  C:\Windows\System\wFHaCkv.exe
  2⤵
  PID:11496
- C:\Windows\System\ZJCEdmq.exe
  C:\Windows\System\ZJCEdmq.exe
  2⤵
  PID:11512
- C:\Windows\System\KMhqJdD.exe
  C:\Windows\System\KMhqJdD.exe
  2⤵
  PID:11528
- C:\Windows\System\LXEXxwQ.exe
  C:\Windows\System\LXEXxwQ.exe
  2⤵
  PID:11544
- C:\Windows\System\oMNqyCr.exe
  C:\Windows\System\oMNqyCr.exe
  2⤵
  PID:11584
- C:\Windows\System\mQdsTEE.exe
  C:\Windows\System\mQdsTEE.exe
  2⤵
  PID:11616
- C:\Windows\System\ceCCCPo.exe
  C:\Windows\System\ceCCCPo.exe
  2⤵
  PID:11632
- C:\Windows\System\hhPgNIO.exe
  C:\Windows\System\hhPgNIO.exe
  2⤵
  PID:11660
- C:\Windows\System\oYswcub.exe
  C:\Windows\System\oYswcub.exe
  2⤵
  PID:11680
- C:\Windows\System\LqYKsxb.exe
  C:\Windows\System\LqYKsxb.exe
  2⤵
  PID:11724
- C:\Windows\System\dZWyngi.exe
  C:\Windows\System\dZWyngi.exe
  2⤵
  PID:11740
- C:\Windows\System\bOjFqec.exe
  C:\Windows\System\bOjFqec.exe
  2⤵
  PID:11756
- C:\Windows\System\mQjmtqY.exe
  C:\Windows\System\mQjmtqY.exe
  2⤵
  PID:11772
- C:\Windows\System\csCvDnT.exe
  C:\Windows\System\csCvDnT.exe
  2⤵
  PID:11792
- C:\Windows\System\pLhNVaY.exe
  C:\Windows\System\pLhNVaY.exe
  2⤵
  PID:11836
- C:\Windows\System\UzjFstg.exe
  C:\Windows\System\UzjFstg.exe
  2⤵
  PID:11856
- C:\Windows\System\LGCePft.exe
  C:\Windows\System\LGCePft.exe
  2⤵
  PID:11876
- C:\Windows\System\BabzAlT.exe
  C:\Windows\System\BabzAlT.exe
  2⤵
  PID:11896
- C:\Windows\System\hxTHtGN.exe
  C:\Windows\System\hxTHtGN.exe
  2⤵
  PID:11916
- C:\Windows\System\Cnydedr.exe
  C:\Windows\System\Cnydedr.exe
  2⤵
  PID:11932
- C:\Windows\System\eNObktE.exe
  C:\Windows\System\eNObktE.exe
  2⤵
  PID:11948
- C:\Windows\System\zNlCXbB.exe
  C:\Windows\System\zNlCXbB.exe
  2⤵
  PID:11964
- C:\Windows\System\rWZzsBk.exe
  C:\Windows\System\rWZzsBk.exe
  2⤵
  PID:11984
- C:\Windows\System\HcRnluT.exe
  C:\Windows\System\HcRnluT.exe
  2⤵
  PID:12004
- C:\Windows\System\syxznhQ.exe
  C:\Windows\System\syxznhQ.exe
  2⤵
  PID:12020
- C:\Windows\System\TmUlKNE.exe
  C:\Windows\System\TmUlKNE.exe
  2⤵
  PID:12044
- C:\Windows\System\pGYNrpF.exe
  C:\Windows\System\pGYNrpF.exe
  2⤵
  PID:12060
- C:\Windows\System\hhbAcCu.exe
  C:\Windows\System\hhbAcCu.exe
  2⤵
  PID:12080
- C:\Windows\System\DWgknbx.exe
  C:\Windows\System\DWgknbx.exe
  2⤵
  PID:12120
- C:\Windows\System\PAvRmmQ.exe
  C:\Windows\System\PAvRmmQ.exe
  2⤵
  PID:12148
- C:\Windows\System\fciWTDv.exe
  C:\Windows\System\fciWTDv.exe
  2⤵
  PID:12168
- C:\Windows\System\BMHDJTw.exe
  C:\Windows\System\BMHDJTw.exe
  2⤵
  PID:12188
- C:\Windows\System\tERCOxY.exe
  C:\Windows\System\tERCOxY.exe
  2⤵
  PID:12212
- C:\Windows\System\nHDoVwn.exe
  C:\Windows\System\nHDoVwn.exe
  2⤵
  PID:12228
- C:\Windows\System\HvcQCkU.exe
  C:\Windows\System\HvcQCkU.exe
  2⤵
  PID:12252
- C:\Windows\System\hTOHCgM.exe
  C:\Windows\System\hTOHCgM.exe
  2⤵
  PID:12268
- C:\Windows\System\draMvOp.exe
  C:\Windows\System\draMvOp.exe
  2⤵
  PID:8016
- C:\Windows\System\LSFcBfZ.exe
  C:\Windows\System\LSFcBfZ.exe
  2⤵
  PID:9104
- C:\Windows\System\JjrqUaJ.exe
  C:\Windows\System\JjrqUaJ.exe
  2⤵
  PID:6744
- C:\Windows\System\IMBVXvR.exe
  C:\Windows\System\IMBVXvR.exe
  2⤵
  PID:9124
- C:\Windows\System\byHJOKK.exe
  C:\Windows\System\byHJOKK.exe
  2⤵
  PID:7676
- C:\Windows\System\GNNfKiS.exe
  C:\Windows\System\GNNfKiS.exe
  2⤵
  PID:864
- C:\Windows\System\RmBCUjV.exe
  C:\Windows\System\RmBCUjV.exe
  2⤵
  PID:9224
- C:\Windows\System\IJGVHhB.exe
  C:\Windows\System\IJGVHhB.exe
  2⤵
  PID:9372
- C:\Windows\System\tdrMxSg.exe
  C:\Windows\System\tdrMxSg.exe
  2⤵
  PID:9412
- C:\Windows\System\jGHObPC.exe
  C:\Windows\System\jGHObPC.exe
  2⤵
  PID:9492
- C:\Windows\System\LALQBZR.exe
  C:\Windows\System\LALQBZR.exe
  2⤵
  PID:9572
- C:\Windows\System\YFUjDoD.exe
  C:\Windows\System\YFUjDoD.exe
  2⤵
  PID:9688
- C:\Windows\System\YUKqnEo.exe
  C:\Windows\System\YUKqnEo.exe
  2⤵
  PID:9752
- C:\Windows\System\eDWMCjr.exe
  C:\Windows\System\eDWMCjr.exe
  2⤵
  PID:9848
- C:\Windows\System\mBrkbCh.exe
  C:\Windows\System\mBrkbCh.exe
  2⤵
  PID:9920
- C:\Windows\System\FaXoCQE.exe
  C:\Windows\System\FaXoCQE.exe
  2⤵
  PID:10204
- C:\Windows\System\QyUGWtF.exe
  C:\Windows\System\QyUGWtF.exe
  2⤵
  PID:9896
- C:\Windows\System\TPAPncn.exe
  C:\Windows\System\TPAPncn.exe
  2⤵
  PID:9824
- C:\Windows\System\hOiNOSz.exe
  C:\Windows\System\hOiNOSz.exe
  2⤵
  PID:9748
- C:\Windows\System\YMPAIDE.exe
  C:\Windows\System\YMPAIDE.exe
  2⤵
  PID:9672
- C:\Windows\System\jntwMjh.exe
  C:\Windows\System\jntwMjh.exe
  2⤵
  PID:9544
- C:\Windows\System\RcLbrDX.exe
  C:\Windows\System\RcLbrDX.exe
  2⤵
  PID:9448
- C:\Windows\System\oezMSwh.exe
  C:\Windows\System\oezMSwh.exe
  2⤵
  PID:1472
- C:\Windows\System\QBfjjsV.exe
  C:\Windows\System\QBfjjsV.exe
  2⤵
  PID:9204
- C:\Windows\System\BEyWFvE.exe
  C:\Windows\System\BEyWFvE.exe
  2⤵
  PID:10452
- C:\Windows\System\rCmcWsC.exe
  C:\Windows\System\rCmcWsC.exe
  2⤵
  PID:10560
- C:\Windows\System\XYZJQTu.exe
  C:\Windows\System\XYZJQTu.exe
  2⤵
  PID:10728
- C:\Windows\System\EFcZeyJ.exe
  C:\Windows\System\EFcZeyJ.exe
  2⤵
  PID:12300
- C:\Windows\System\inJEhSm.exe
  C:\Windows\System\inJEhSm.exe
  2⤵
  PID:12324
- C:\Windows\System\jFksVpW.exe
  C:\Windows\System\jFksVpW.exe
  2⤵
  PID:12348
- C:\Windows\System\tznxsJI.exe
  C:\Windows\System\tznxsJI.exe
  2⤵
  PID:12376
- C:\Windows\System\pISLieu.exe
  C:\Windows\System\pISLieu.exe
  2⤵
  PID:12400
- C:\Windows\System\MBzTApX.exe
  C:\Windows\System\MBzTApX.exe
  2⤵
  PID:12432
- C:\Windows\System\wripmpf.exe
  C:\Windows\System\wripmpf.exe
  2⤵
  PID:12452
- C:\Windows\System\dAGEnOK.exe
  C:\Windows\System\dAGEnOK.exe
  2⤵
  PID:12480
- C:\Windows\System\dYDbNfL.exe
  C:\Windows\System\dYDbNfL.exe
  2⤵
  PID:12496
- C:\Windows\System\lZBgJdZ.exe
  C:\Windows\System\lZBgJdZ.exe
  2⤵
  PID:12520
- C:\Windows\System\qOgmQRT.exe
  C:\Windows\System\qOgmQRT.exe
  2⤵
  PID:12548
- C:\Windows\System\rhBtpYL.exe
  C:\Windows\System\rhBtpYL.exe
  2⤵
  PID:12568
- C:\Windows\System\rTFpdus.exe
  C:\Windows\System\rTFpdus.exe
  2⤵
  PID:12596
- C:\Windows\System\qwyGaqp.exe
  C:\Windows\System\qwyGaqp.exe
  2⤵
  PID:12620
- C:\Windows\System\CbqQBvC.exe
  C:\Windows\System\CbqQBvC.exe
  2⤵
  PID:12640
- C:\Windows\System\ZPEKpOM.exe
  C:\Windows\System\ZPEKpOM.exe
  2⤵
  PID:12660
- C:\Windows\System\UaGlzSm.exe
  C:\Windows\System\UaGlzSm.exe
  2⤵
  PID:12684
- C:\Windows\System\AaqkMrL.exe
  C:\Windows\System\AaqkMrL.exe
  2⤵
  PID:12700
- C:\Windows\System\HFsGbSo.exe
  C:\Windows\System\HFsGbSo.exe
  2⤵
  PID:12728
- C:\Windows\System\zZqtjNW.exe
  C:\Windows\System\zZqtjNW.exe
  2⤵
  PID:12752
- C:\Windows\System\eehJXSs.exe
  C:\Windows\System\eehJXSs.exe
  2⤵
  PID:12772
- C:\Windows\System\cxEITUW.exe
  C:\Windows\System\cxEITUW.exe
  2⤵
  PID:12792
- C:\Windows\System\cOUfEzg.exe
  C:\Windows\System\cOUfEzg.exe
  2⤵
  PID:12816
- C:\Windows\System\pJrDcbk.exe
  C:\Windows\System\pJrDcbk.exe
  2⤵
  PID:4836
- C:\Windows\System\lWviqYN.exe
  C:\Windows\System\lWviqYN.exe
  2⤵
  PID:8324
- C:\Windows\System\jQueoWl.exe
  C:\Windows\System\jQueoWl.exe
  2⤵
  PID:8740
- C:\Windows\System\qqvmtOR.exe
  C:\Windows\System\qqvmtOR.exe
  2⤵
  PID:11604
- C:\Windows\System\sSScAgz.exe
  C:\Windows\System\sSScAgz.exe
  2⤵
  PID:11652
- C:\Windows\System\ctptVLB.exe
  C:\Windows\System\ctptVLB.exe
  2⤵
  PID:6488
- C:\Windows\System\fTOKDxM.exe
  C:\Windows\System\fTOKDxM.exe
  2⤵
  PID:10280
- C:\Windows\System\YgcIlMy.exe
  C:\Windows\System\YgcIlMy.exe
  2⤵
  PID:10152
- C:\Windows\System\NfZqHnJ.exe
  C:\Windows\System\NfZqHnJ.exe
  2⤵
  PID:12164
- C:\Windows\System\BWJQDnT.exe
  C:\Windows\System\BWJQDnT.exe
  2⤵
  PID:9616
- C:\Windows\System\TJVNObN.exe
  C:\Windows\System\TJVNObN.exe
  2⤵
  PID:10620
- C:\Windows\System\INZHJRc.exe
  C:\Windows\System\INZHJRc.exe
  2⤵
  PID:10664
- C:\Windows\System\GsCcHzr.exe
  C:\Windows\System\GsCcHzr.exe
  2⤵
  PID:10764
- C:\Windows\System\ZvyxyGZ.exe
  C:\Windows\System\ZvyxyGZ.exe
  2⤵
  PID:12292
- C:\Windows\System\TfqDIFs.exe
  C:\Windows\System\TfqDIFs.exe
  2⤵
  PID:10776
- C:\Windows\System\iMPPtsq.exe
  C:\Windows\System\iMPPtsq.exe
  2⤵
  PID:10236
- C:\Windows\System\yamPNUI.exe
  C:\Windows\System\yamPNUI.exe
  2⤵
  PID:10920
- C:\Windows\System\MyJsjdo.exe
  C:\Windows\System\MyJsjdo.exe
  2⤵
  PID:11000
- C:\Windows\System\uznfPjA.exe
  C:\Windows\System\uznfPjA.exe
  2⤵
  PID:12812
- C:\Windows\System\TcTwWud.exe
  C:\Windows\System\TcTwWud.exe
  2⤵
  PID:11104
- C:\Windows\System\dLjoVUh.exe
  C:\Windows\System\dLjoVUh.exe
  2⤵
  PID:7648
- C:\Windows\System\sPExPPV.exe
  C:\Windows\System\sPExPPV.exe
  2⤵
  PID:8532
- C:\Windows\System\lSpITBS.exe
  C:\Windows\System\lSpITBS.exe
  2⤵
  PID:13324
- C:\Windows\System\cyfxFFS.exe
  C:\Windows\System\cyfxFFS.exe
  2⤵
  PID:13352
- C:\Windows\System\RcoOctl.exe
  C:\Windows\System\RcoOctl.exe
  2⤵
  PID:13372
- C:\Windows\System\StyidOt.exe
  C:\Windows\System\StyidOt.exe
  2⤵
  PID:13456
- C:\Windows\System\VqbwKYZ.exe
  C:\Windows\System\VqbwKYZ.exe
  2⤵
  PID:13480
- C:\Windows\System\gvrnGqu.exe
  C:\Windows\System\gvrnGqu.exe
  2⤵
  PID:13504
- C:\Windows\System\BsnLaPI.exe
  C:\Windows\System\BsnLaPI.exe
  2⤵
  PID:13524
- C:\Windows\System\mVjCGZz.exe
  C:\Windows\System\mVjCGZz.exe
  2⤵
  PID:13544
- C:\Windows\System\EpYljkK.exe
  C:\Windows\System\EpYljkK.exe
  2⤵
  PID:13564
- C:\Windows\System\YroJlAc.exe
  C:\Windows\System\YroJlAc.exe
  2⤵
  PID:13592
- C:\Windows\System\HjddWSo.exe
  C:\Windows\System\HjddWSo.exe
  2⤵
  PID:13612
- C:\Windows\System\DIxTTsv.exe
  C:\Windows\System\DIxTTsv.exe
  2⤵
  PID:13636
- C:\Windows\System\gCGdNWr.exe
  C:\Windows\System\gCGdNWr.exe
  2⤵
  PID:13652
- C:\Windows\System\SbAuApC.exe
  C:\Windows\System\SbAuApC.exe
  2⤵
  PID:13672
- C:\Windows\System\xyZaepL.exe
  C:\Windows\System\xyZaepL.exe
  2⤵
  PID:13700
- C:\Windows\System\LCisEPh.exe
  C:\Windows\System\LCisEPh.exe
  2⤵
  PID:13716
- C:\Windows\System\lGbBeLM.exe
  C:\Windows\System\lGbBeLM.exe
  2⤵
  PID:13740
- C:\Windows\System\anitYzI.exe
  C:\Windows\System\anitYzI.exe
  2⤵
  PID:13764
- C:\Windows\System\DLpWsOl.exe
  C:\Windows\System\DLpWsOl.exe
  2⤵
  PID:11488
- C:\Windows\System\xraQoUa.exe
  C:\Windows\System\xraQoUa.exe
  2⤵
  PID:4040
- C:\Windows\System\QINPsRV.exe
  C:\Windows\System\QINPsRV.exe
  2⤵
  PID:11656
- C:\Windows\System\LvkKAFA.exe
  C:\Windows\System\LvkKAFA.exe
  2⤵
  PID:12248
- C:\Windows\System\FvNpJkr.exe
  C:\Windows\System\FvNpJkr.exe
  2⤵
  PID:5412
- C:\Windows\System\pDYtPCQ.exe
  C:\Windows\System\pDYtPCQ.exe
  2⤵
  PID:9340
- C:\Windows\System\kkfjbco.exe
  C:\Windows\System\kkfjbco.exe
  2⤵
  PID:9452
- C:\Windows\System\ZBIxgQy.exe
  C:\Windows\System\ZBIxgQy.exe
  2⤵
  PID:9712
- C:\Windows\System\ZPkmJro.exe
  C:\Windows\System\ZPkmJro.exe
  2⤵
  PID:1812
- C:\Windows\System\NdcfKMw.exe
  C:\Windows\System\NdcfKMw.exe
  2⤵
  PID:9708
- C:\Windows\System\arStqUv.exe
  C:\Windows\System\arStqUv.exe
  2⤵
  PID:10512
- C:\Windows\System\XcfMpOS.exe
  C:\Windows\System\XcfMpOS.exe
  2⤵
  PID:12356
- C:\Windows\System\WOioTwR.exe
  C:\Windows\System\WOioTwR.exe
  2⤵
  PID:12504
- C:\Windows\System\lsybwYE.exe
  C:\Windows\System\lsybwYE.exe
  2⤵
  PID:12584
- C:\Windows\System\olorrHl.exe
  C:\Windows\System\olorrHl.exe
  2⤵
  PID:12656
- C:\Windows\System\pMWRCHc.exe
  C:\Windows\System\pMWRCHc.exe
  2⤵
  PID:10484
- C:\Windows\System\XohptbK.exe
  C:\Windows\System\XohptbK.exe
  2⤵
  PID:14036
- C:\Windows\System\vezkhbU.exe
  C:\Windows\System\vezkhbU.exe
  2⤵
  PID:1788
- C:\Windows\System\BWBdHTw.exe
  C:\Windows\System\BWBdHTw.exe
  2⤵
  PID:11752
- C:\Windows\System\LiueDrU.exe
  C:\Windows\System\LiueDrU.exe
  2⤵
  PID:12072
- C:\Windows\System\ukwwxQY.exe
  C:\Windows\System\ukwwxQY.exe
  2⤵
  PID:14320
- C:\Windows\System\klMvpXg.exe
  C:\Windows\System\klMvpXg.exe
  2⤵
  PID:14164
- C:\Windows\System\SynohYD.exe
  C:\Windows\System\SynohYD.exe
  2⤵
  PID:12992
- C:\Windows\System\IqOwtOl.exe
  C:\Windows\System\IqOwtOl.exe
  2⤵
  PID:14248
- C:\Windows\System\fjhKrKN.exe
  C:\Windows\System\fjhKrKN.exe
  2⤵
  PID:11640
- C:\Windows\System\NNWgVgB.exe
  C:\Windows\System\NNWgVgB.exe
  2⤵
  PID:12000
- C:\Windows\System\KzmyEiy.exe
  C:\Windows\System\KzmyEiy.exe
  2⤵
  PID:11272
- C:\Windows\System\tAXAdsH.exe
  C:\Windows\System\tAXAdsH.exe
  2⤵
  PID:11384
- C:\Windows\System\NBjxkzP.exe
  C:\Windows\System\NBjxkzP.exe
  2⤵
  PID:468
- C:\Windows\System\bHkffgw.exe
  C:\Windows\System\bHkffgw.exe
  2⤵
  PID:11540
- C:\Windows\System\EpkiqmW.exe
  C:\Windows\System\EpkiqmW.exe
  2⤵
  PID:11628
- C:\Windows\System\adlFawM.exe
  C:\Windows\System\adlFawM.exe
  2⤵
  PID:13008
- C:\Windows\System\DlmdrGq.exe
  C:\Windows\System\DlmdrGq.exe
  2⤵
  PID:11240
- C:\Windows\System\tVumxQX.exe
  C:\Windows\System\tVumxQX.exe
  2⤵
  PID:10444
- C:\Windows\System\bfdOvzJ.exe
  C:\Windows\System\bfdOvzJ.exe
  2⤵
  PID:13232
- C:\Windows\System\fGLErNm.exe
  C:\Windows\System\fGLErNm.exe
  2⤵
  PID:10748
- C:\Windows\System\SUJCeZg.exe
  C:\Windows\System\SUJCeZg.exe
  2⤵
  PID:3872
- C:\Windows\System\botXKLH.exe
  C:\Windows\System\botXKLH.exe
  2⤵
  PID:7612
- C:\Windows\System\uQhwmnl.exe
  C:\Windows\System\uQhwmnl.exe
  2⤵
  PID:8588
- C:\Windows\System\yPFpHOu.exe
  C:\Windows\System\yPFpHOu.exe
  2⤵
  PID:2948
- C:\Windows\System\HsaDmLz.exe
  C:\Windows\System\HsaDmLz.exe
  2⤵
  PID:8608
- C:\Windows\System\KmXBBoG.exe
  C:\Windows\System\KmXBBoG.exe
  2⤵
  PID:10580
- C:\Windows\System\XnVtkYP.exe
  C:\Windows\System\XnVtkYP.exe
  2⤵
  PID:13804
- C:\Windows\System\ZumiNIW.exe
  C:\Windows\System\ZumiNIW.exe
  2⤵
  PID:13048
- C:\Windows\System\DdnHAQk.exe
  C:\Windows\System\DdnHAQk.exe
  2⤵
  PID:5100
- C:\Windows\System\nknnmss.exe
  C:\Windows\System\nknnmss.exe
  2⤵
  PID:7520
- C:\Windows\System\ZPrusHu.exe
  C:\Windows\System\ZPrusHu.exe
  2⤵
  PID:14080
- C:\Windows\System\dOWSFtq.exe
  C:\Windows\System\dOWSFtq.exe
  2⤵
  PID:13948
- C:\Windows\System\PyiBPdn.exe
  C:\Windows\System\PyiBPdn.exe
  2⤵
  PID:4784
- C:\Windows\System\noiJDbI.exe
  C:\Windows\System\noiJDbI.exe
  2⤵
  PID:12632
- C:\Windows\System\eQLFWvn.exe
  C:\Windows\System\eQLFWvn.exe
  2⤵
  PID:10128
- C:\Windows\System\peSoTGG.exe
  C:\Windows\System\peSoTGG.exe
  2⤵
  PID:6148
- C:\Windows\System\EWPKAgh.exe
  C:\Windows\System\EWPKAgh.exe
  2⤵
  PID:14052
- C:\Windows\System\vFAJUrM.exe
  C:\Windows\System\vFAJUrM.exe
  2⤵
  PID:14116
- C:\Windows\System\vfUfbPH.exe
  C:\Windows\System\vfUfbPH.exe
  2⤵
  PID:4432
- C:\Windows\System\spQOOFe.exe
  C:\Windows\System\spQOOFe.exe
  2⤵
  PID:11676
- C:\Windows\System\kyzYtBP.exe
  C:\Windows\System\kyzYtBP.exe
  2⤵
  PID:14280
- C:\Windows\System\dpuLZcC.exe
  C:\Windows\System\dpuLZcC.exe
  2⤵
  PID:14188
- C:\Windows\System\metdybz.exe
  C:\Windows\System\metdybz.exe
  2⤵
  PID:9792
- C:\Windows\System\ewhJVnN.exe
  C:\Windows\System\ewhJVnN.exe
  2⤵
  PID:11556
- C:\Windows\System\djgQenL.exe
  C:\Windows\System\djgQenL.exe
  2⤵
  PID:11568
- C:\Windows\System\esbbSSi.exe
  C:\Windows\System\esbbSSi.exe
  2⤵
  PID:2196
- C:\Windows\System\tyDkiDn.exe
  C:\Windows\System\tyDkiDn.exe
  2⤵
  PID:12464
- C:\Windows\System\RUOFJeY.exe
  C:\Windows\System\RUOFJeY.exe
  2⤵
  PID:4260
- C:\Windows\System\YKfHEfP.exe
  C:\Windows\System\YKfHEfP.exe
  2⤵
  PID:10948
- C:\Windows\System\AxtykrS.exe
  C:\Windows\System\AxtykrS.exe
  2⤵
  PID:12708
- C:\Windows\System\FDdJrkV.exe
  C:\Windows\System\FDdJrkV.exe
  2⤵
  PID:6276
- C:\Windows\System\amhCnta.exe
  C:\Windows\System\amhCnta.exe
  2⤵
  PID:14184

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:11580

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5h5qp025.b3d.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Windows\System\Azgcaqw.exe

Filesize
1.3MB

MD5
4877ddb0a3f68474e69b3c3100a60810

SHA1
18d7f501fca11e2eabf2ca2d2ea46d2ee7ca113f

SHA256
04ca5f8b8d69767506e0d8ef757ae67eb495aa1d7a2c40e3e3d094ba6923d072

SHA512
1bc361b00cfe9c4dca60258b1a0b4553f41c86f0a25bea4b390988dce876aead69642b5739271b062cc954ca04e470ffe2f63a9639ff8faa10743878042bd419

Download Submit
C:\Windows\System\CagTzoj.exe

Filesize
1.3MB

MD5
154f917dc6ad3fdace146e1c29eb312f

SHA1
c841e8beee52bc52d50a510ce3d25ba16c9e0083

SHA256
c708ec3acc5ef2fac1218103c2aa087152025aae47516050e6b72b87d8f30b5a

SHA512
95a5d7d45c3ca3e6b8cee8cf18215036d22217f6c499190dc081ac50add6aa100178b44297f5686c08f69dfaf9d6ae7ee7a12ce022f34ce397a1fa589c03346c

Download Submit
C:\Windows\System\GTvdirp.exe

Filesize
1.3MB

MD5
a7d65e4a56c0f9c350b23f1aa7f51007

SHA1
3d5004527355cc87f5b1cc25df0298136bd6dd08

SHA256
eae1219fdd548087cb9faf9e97a3e65ae875891a9b946d43b13cfa804964575f

SHA512
ec330b8395281eca9c1c64dc29bba39a543ebd7cc5b118342df93558f516b718c1fcb0468f46b73301ddccd644438c6b3a4bfc71edf67c64b07ad9ad7ec2fb37

Download Submit
C:\Windows\System\ImPGUbU.exe

Filesize
1.3MB

MD5
71409344f2b8062e23a85f58e79b10eb

SHA1
48d3c051204750ef08ec14835d1e9de4f645200a

SHA256
21cc08c491f6b44713b8537541182a5e1d2e7b80c6770f97161572fc202e6449

SHA512
841cedbb7497c663f4400e024b944fa64dddc22d6534bcf146ad83e2687b22215655d98cfab6eafbecfcc17524e29b212a112202f85d67bbcd0db5985b2dbdb0

Download Submit
C:\Windows\System\JFmahgI.exe

Filesize
1.3MB

MD5
8122ee8f381bf82ba72a69df5c4b4fa1

SHA1
52bf148580760197ce9a41f7a279f8cb9d5c6aca

SHA256
bb5898b9d3ee34bf12307e8950ed530d3de136baf682c8b5ecfe117d0f18a794

SHA512
bf5ddac014d685d3ad0469ecbe821aa1505b23fa4d4eae671827fd498c3136c7b5cf5cef3b2d13f0f3088a0f84a47bbfbd1b594067ff29dcad1ba69fe9d67013

Download Submit
C:\Windows\System\JQMMCDw.exe

Filesize
1.2MB

MD5
cdcdb12114b7f5fd9b7c101890e424c5

SHA1
88756886a13cda7ace6b0a59ae73c4c878f77f6a

SHA256
a02b5abf47de2cead50c638b90d668ff976c83a745c29ee10982a3e5e491537d

SHA512
77621c6b8b5864b678f532a725fcb32a46f7115384970acbb65600b0b00a33d9e77b43851dda04acddfe20414bc9e28f24f9dc3855bcdbdf9c5eed0ad5d5e18c

Download Submit
C:\Windows\System\JxoRSoQ.exe

Filesize
1.2MB

MD5
96963a210c5b13c8501b6b98bc27eb0c

SHA1
7dab1bb0c0b9ac53ba2078d06db449b04e8ea333

SHA256
d430558be59a5111bd8eb6a2bb84b0c681ff8b2169718ef39586004c1cd20ca5

SHA512
38187127471a3eb4767891e1e4486076d3d5c87ce2da4e69b36510ab377a511abaa9d3d4b4bc89bcd5f1f39a2b2da8bd72ae4fb87cb897bd4f33a323baa90c83

Download Submit
C:\Windows\System\LKjpvlN.exe

Filesize
1.2MB

MD5
4e530ed63b154b3b61c0eaa699af1ae5

SHA1
3b71f738abe4958a651cb68615c7a1ae3cda34ca

SHA256
831da52fed45b05a921524460912084d0201ef9de9d91ef1709df0b5d6b99327

SHA512
c0cc82eca1636f6e325e974b57250ec9ff6a1623a2206bb4948e5b09cd14256c1945a4d2925ac8516bc44716ff476a3978fd1678e49ffdbc877e7b4c4a96f083

Download Submit
C:\Windows\System\NqsZfWr.exe

Filesize
1.3MB

MD5
01385cd7e6a289e0938f4dee85004ae9

SHA1
1e983c6dcf05cf1ee86e041a6de4b52d11c8f5be

SHA256
df774467fd61d2b1aa27db84c8faa0a1cbca8a6fbdd81e49c73b2f20b2675804

SHA512
396e474f1329b793b48a1fec8451394af93c94d8cf2c8ffc5d9ffc6227d8003a079d5ec03f289f06c306d4ea4415ac4bfd61d95624191423aa0560b638def40d

Download Submit
C:\Windows\System\OfSQYtS.exe

Filesize
1.3MB

MD5
10fc77cc50575c55bee74f7bf437918f

SHA1
3845205786b6231e9b154863a3d6b780119768ad

SHA256
bbbf0c2d81fb4843f250951d0d5b740bbd3c2e0e69e1b5b5b910278a292495d7

SHA512
badd1cca5d94b0eb50712c1bc687712414971e06c75505a28e6733e6a48756444f485b289b71456bae8f1463fb25175e1bf5c17c14e66976e37b2b503cf97bb7

Download Submit
C:\Windows\System\QHafDmq.exe

Filesize
1.3MB

MD5
eada4d652e4f89df80dbff39d753ff16

SHA1
2b90e0e51eae3b2bf027223636351fa583c3a0f8

SHA256
f9e40069a1275a6f20624da51ef3a697ed0c46d6e612b7a25d345b79f0490b5a

SHA512
3ce70b507e8ee9f566338899f920e346ae8991094c35f725fb92e144a920f0d7f5b232f2bc393bac2ab99e0500594de5067ce72e841a90eb011cea855b71e2d5

Download Submit
C:\Windows\System\QjimYTz.exe

Filesize
1.3MB

MD5
95fd09b5e6bd5e82ca33aea080eb4ab4

SHA1
070bad2ee1ed5e20c2ea09d0408a04a831725bb9

SHA256
faa3d7a0ce055562bbd2094a35958f093eaf8440ad9fee60fc964e6ffc92f759

SHA512
489c867ded6d83ec0b23dc853bf4f7c27f7269c17887bd22e5fc10094571cf78db638a25706c796a13db8f331631e2971f04bab63a8809b0879993fa974c7db4

Download Submit
C:\Windows\System\QyspqFd.exe

Filesize
1.3MB

MD5
8be2b875a425b1bd0acac64d0d336227

SHA1
ab58662660ff82f506e5e8a3114c0b9356202e04

SHA256
f3a46a54d48347d7afe2ed34062765209aa632b1f3e93bfcea48c37dd4d8466e

SHA512
a99988c19113dcabd97f25f4af37863a4d162a891aa53ce87ebd083d77a9a8e97223af6f9e707443e03db07841077228f930d60fd4a7c82aaea0531a496103f3

Download Submit
C:\Windows\System\RxpTJjY.exe

Filesize
1.3MB

MD5
81d3476c2aed9743e21da5ae37dbe2b6

SHA1
d2675b71dc48533423fb088a492ca4c03b5603e9

SHA256
39192bf913ebf9def605e876f2c81efcded4e2cf29ce53005fc0023c89739078

SHA512
eb83bc6861007d29d8100ff51452c17451c621329892e20e871243cc1633f54db843a3f5f348bc1f511483c13f6d52a693f6fa925a6aca2f435b53d443cc8c9f

Download Submit
C:\Windows\System\SykaDMl.exe

Filesize
1.3MB

MD5
3f31c86674557dfbe13b1c1ef45a84eb

SHA1
f6d0501581a7453c452f3b0512a2c8a60587ba7f

SHA256
41eac259d7c28add2134bd4627e52b43191c1a3b6a0b4be2c45b3f22696eab4a

SHA512
211423114fce910c69766cb54015c1b447015531794a302d7820b0969c6c8b1c3bccee7c10b0612d8983f610d0482ae822d7c40b88b700fbb5fd5f2a7621081d

Download Submit
C:\Windows\System\TQzPMjK.exe

Filesize
1.3MB

MD5
2e56851edf04da2cc261b1a22ce40bb0

SHA1
339ad01a46e221bb73b6513c63d8bca0afd19325

SHA256
d0f3843ed53e792735c407bd0455eaabde4295501d5a8006943d79aa36170bea

SHA512
a774df49676df9c63e4796138bf6e5207f2dd4731fbeb1f5d2d0b93e55194954a97e617fa8db15627940e8bc92bc98327dc9297a34581b7e65271e4c2ef0c1bb

Download Submit
C:\Windows\System\VXIkcrQ.exe

Filesize
1.3MB

MD5
c69843527f6e465d00f6a6fd07a94364

SHA1
1de39fcd7a030841a9f17ed52db98287a7da183d

SHA256
7c14d4275cd4ba2534c67109202070e7074006cb2b106e629c19b7f09b1bd991

SHA512
791dc9daa93b4168dcfb451361a1b0dc3aad3af3bd2e8a2f0f714d3d088e25ced40439ff7b860c1ad9b569448acfcd485a84d4206308e832e584b112b91b0dc2

Download Submit
C:\Windows\System\XRiFAFV.exe

Filesize
1.3MB

MD5
6217a121e0ef014c31727a005add3aad

SHA1
ae14f6387d9c674832e4b6e75bb2689eca62fae8

SHA256
42a72bad895e5d17304ba8c0cb73ef3e5f5cb5c2cbf4ee9c3581574c70a8f633

SHA512
e3a89ca9eb47ef6a45bd701a356469e2aeb6cea3b96cbf46cb22494d41c1c0d68ffee03d9f9637eb1cd14025319ff7f8a9f991d5c8f902dc80bfee98e98294ca

Download Submit
C:\Windows\System\XVROzEf.exe

Filesize
1.3MB

MD5
2563c5f3cb9c7706ef56cca606b4afe3

SHA1
9b13700a8854112c68cc04e7874176413df14842

SHA256
a70a390e544c75db7e074c09c6d7f3cd15856ecb1ac4b1f11895d9669118121d

SHA512
99adc24ab4a0f89dad97f72177549b1f59bb70eb9d6ca45a2311b286667f4e0ce55166e920d0219f3de340375a56c914e3b030358c0716ab1185b4b8d8aa5a9e

Download Submit
C:\Windows\System\YClLALQ.exe

Filesize
1.3MB

MD5
ad2aab409110e3f1062dd33b2f2192a8

SHA1
6548d53dcfacf4ef1a9bb42bca3f4a861d2c2b6c

SHA256
076b317cb27233b369c90a8b9255fbd8cf4c8ccb0bea4cd122e3f5c3fa37af5c

SHA512
43de41f48929728b51003196a8700a3020d1ab68ca49310ed364d375b3de56b6cc32dfebdae12f3617b5e24d2eee9a2bcd48615383d14aa71b830bdb7d7c67a2

Download Submit
C:\Windows\System\aPtgjPB.exe

Filesize
1.3MB

MD5
fbfa386d3fc3ec61825bed185b850809

SHA1
0c3dad530cc4cf5e23224171122d1b792853a6ed

SHA256
f5a68fc646f83051235c3313383ddbea18fb5f3f0637896c18d8857b5faf52f7

SHA512
485541dd3d0d8fd6ae8f965f7e2f38dbf117175388a36f77a817630d5960988e204dc1d7074469b06ec02a8b8ea5e2fa7882cfd148d4515feabe927486d180e3

Download Submit
C:\Windows\System\bRhFvby.exe

Filesize
1.3MB

MD5
09facd6a446f73ee3cb08d957b626a95

SHA1
b5d649e07ab173ba6b06dc0e473e5d9ba535824b

SHA256
38e8e2dd612d2cae060818e0e59f703f6e624b602f6ab5a7bfd939ecba546413

SHA512
fe43b7a50e9fc764988eea42b96ed4b09b6ac45df5f36fd87d5c83e6eb72aff67e70333b6eac08ceb3b88c56ad5d2f08aeae46a37089d39f00f4d29c43407ca5

Download Submit
C:\Windows\System\boWzGJg.exe

Filesize
1.3MB

MD5
ee9e8bbe9ef29f60525e42d2202c55b2

SHA1
d32cb084461d40bb409aee9e1ce61367c6a2cc36

SHA256
6f3aa92fee48ec118ccc8acca878ac090fc1859ba490d4d4ea871c7ca3f4d66f

SHA512
421436cad407fc4e06963451fa1df20ae86d99270fb99ffe0453c46e91c0241d2071919ffde1f5d20700d583088e2e0b244e634172ace213bdf60ec536fa6262

Download Submit
C:\Windows\System\cXOXSQo.exe

Filesize
1.3MB

MD5
ce3d170181b9dda9687b03a0c1f28887

SHA1
698a63de32d10eea04a776d9809b39cde151c7cf

SHA256
051839fa4adae1bc7476411da1935218ce8530c5fdec7ceb4074d730e9021839

SHA512
d2e4c61854466120b3a81636c8c876881e259a5865adc9e58ad85d830b06ff1dab9d967e2cf773ba0e47b0d5498f033fe468695184c18e4ee29a8b0b04166304

Download Submit
C:\Windows\System\dSqvMDM.exe

Filesize
1.3MB

MD5
4cf4ae5d65ec5f54c5ed50930cdf8e6c

SHA1
db02af656d26a61ddd5930ff6ab0d15cacb26a17

SHA256
c42d351590094a925d45f523804f617f1bc207c5bb801e0f93be4e65ed29fbc2

SHA512
cb0721d9f60549e65bca8baf7ca84f5ef40b03c35ed7fb42243b3dcd832351ffc568948ec822c812ea231c5dea53c0626cb5b8ad642e891c302446a6615da18a

Download Submit
C:\Windows\System\ediuibb.exe

Filesize
8B

MD5
03eb1b2ff4b4def96f0b54693062de10

SHA1
8cfc1601be2d7a63e4c50d545b9a36b02a1189b7

SHA256
39e6208b01e787fbc8e73b981e359cbde50312b1c652e1ac4d24a48effbb7d59

SHA512
8b37b1509ef4ff8868504f09589fa36c0575be0250f52668d651a9f2e44aee4533e2db8ecbddeda6fab3288d6e2bae8d91cf53866dc380ddf86dababd49d0480

Download Submit
C:\Windows\System\hSoFMAa.exe

Filesize
1.3MB

MD5
10a13f0c2fa6dd335e087bcea7d8f12e

SHA1
93c41872b7384334b150a4975a21e56dba5330dc

SHA256
48f2a47b1da2d94901f5f20f4526d40bef1b31b347a62f5ae8ee5fd254529d04

SHA512
242c882b895509468920d868fc2253321387886c98a630480535c8afe2d8ba50b4de3a3835045a511d17a84d05d157f84bc43c03dddd878686f02f3177d1a94f

Download Submit
C:\Windows\System\hdHKOUb.exe

Filesize
1.2MB

MD5
3b221246040e26de2aabeeb5ba40887f

SHA1
c780477da730a6f4b57554b5fa9698b53f135118

SHA256
54db3f5bfeb87cd5b2488aef03bbf00d7dfe82d545a7e626846b011b748034bd

SHA512
3112b175ab6e3d7d2e5ab1d56518eb1add814564196f0b2878d1cdf38308d260a6b3ddc2548fa4bef1eadda7776a1563a12f8359c0e2c1f7106a6171ab7fa683

Download Submit
C:\Windows\System\hfiXOUO.exe

Filesize
1.2MB

MD5
8c85635b6753d67afca53ac217a17e4a

SHA1
831443bf9daec3883aab9cc0f4a5a4047754c013

SHA256
beba46cfcfab7f70626c0d432ec4be9d54edeb0282c5fe993b77c4f894641536

SHA512
9184bc3f855ac956f943b1e3d35c03e52db94b7ce1bbe0459b353b6a5960f12c9182f858cbba17d0de4f65daa188e3b997a83def1ff1be39e5ab59368afe6550

Download Submit
C:\Windows\System\hvoJkzl.exe

Filesize
1.3MB

MD5
14adc795dc52096365e72bfc9e7d0801

SHA1
cde98182fd7f8049e79bec1f910d051aeea19812

SHA256
4f550c099e82982e82a1df2d8aec9bb0541ed0358af96fda2b0599f581c2adb2

SHA512
e32e7297940d5ba43ebafd2a5dc673df44cd76f633100cc778125096c21da5251028fdefeca43fe1f6505cb9ed82d9fb886159054273ca963a2f761f511f6cd8

Download Submit
C:\Windows\System\kVdVpii.exe

Filesize
1.2MB

MD5
902aefc29110d3de452a5c0b91c053c9

SHA1
7c4e84006d77c875e34412613af5221f5232710a

SHA256
64e594a87d2ece8e8d91361a23733114232167a581f452aa09b913a3b052876a

SHA512
ff9eb08641283cdb889798fd5b0c5974e609572250957e308e2482d2bd2fa94b825b94e5f52047fa097c6edeca24e39f47a8e8efd2d7dd4fd9b5f341dc3e033a

Download Submit
C:\Windows\System\lEmOBSl.exe

Filesize
1.3MB

MD5
2be3d70d583d56264a5286d294df5c2a

SHA1
af037dd3ab6793bf50bd6a1e6287b53a76721ce5

SHA256
4c7aea86e31fb112d0374b6cb15b4404090e880f2409d1563ed1e9c378d30c50

SHA512
247ea3f76643c575428b617b2b253115298c16d84eb3e87917031b0654093c496b6ebf327031166ba9309c1acd67c7f7b6df186c45d464144fef55aa6cbd8ffd

Download Submit
C:\Windows\System\ljChSoi.exe

Filesize
1.3MB

MD5
b5fd3d3b8901db82caa984c6202f1680

SHA1
78024c5baa2509896cfca953d2e681f9d795484d

SHA256
3179c6af9467017027cfd6cec78e4f9638a2400dcb5b1d5fcc927af9bdfe9f0c

SHA512
4a0ccf0338e73230045a07697d7c4607e5ba891710163db3694b4cd12809f07ce7e376849e29b341076c6cb4bf72127394e66375ef159a4485902e0b2024308f

Download Submit
C:\Windows\System\qpvkIFp.exe

Filesize
1.3MB

MD5
67ba1e7bae76de7e571724712d7a0574

SHA1
c6bf623007b212ed29c4cdb1af15979b48ae379c

SHA256
c42609a3f57487135caee87e48b31f96bbead94a307b52f1eeb7f2e6dcae1043

SHA512
6f69261555632be9c141751d9e96a3707024aa369adb243897a35bd7ef4ece74f8946fde1a692d578776ecf1e3b0d1b16f6ce9b10a30d5cff32313c7c2c947b4

Download Submit
C:\Windows\System\qtvTHSv.exe

Filesize
1.3MB

MD5
ae59731b55ee65e73dd29f25cb99b3c8

SHA1
619bb755231e6485d2e13050cf1b907ac2dfe141

SHA256
1148543e404de49fe262dfd08c3c15e100e9a9d34041e7f06305f2a1ea6d1ebd

SHA512
ccf46568f920dd7b5fceff3fa666cbc6d01f011a341f696fee269179e3a0a4b0664af957c617ec7041fc534b57795d087b36e927aa26a6abfacbd8c6374844d6

Download Submit
C:\Windows\System\rOZXBdN.exe

Filesize
1.3MB

MD5
dbcea6307db2b503faf50042949c70a5

SHA1
e7e82c064bb80004ba484de583086d595a321a18

SHA256
5442c876075a25d1ab0b8fb2a5edcfc18186cf1b25d774e779ba92144f25a82f

SHA512
e77a1c16c05fbbaccadf2885c0e01785929c13562905ad45090ddc9896706a9a6e1733df505ca7f28d555a532f638093d9aecf7e54a08c131e914053bde5189c

Download Submit
C:\Windows\System\rcwhLlh.exe

Filesize
1.3MB

MD5
9929a0a93ad3b292af59e2a44fa7febe

SHA1
86dab29b2b45c8107537bc848e3789ea57b1923f

SHA256
f0e7b4cd5c45b67c0c812f42120837d032d50f5a6ea5e9dcbdf7e866d3d007ff

SHA512
e6352674f57cab18979cc2338a84a597bedac3afce2502878a0903a8188faf014b9168f43d83cf5fc62f43ae46ce2150bae31d2dea520058db3e9abe828c4ada

Download Submit
C:\Windows\System\sPkLEVB.exe

Filesize
1.3MB

MD5
72ff99fb5a3b523ff90789fb040cdb01

SHA1
8c563eddc14312daabd578a767806fb7c4fdfd2e

SHA256
33aa169d35d2df5715c8ca0ae92546acf928ade649ab3efa589e1eb44215d08c

SHA512
14a22be83389a64579801441a62c736d26bf56131e4e49f29e6c3d48a25c6127a51e14e24cb08837ad2d9a124a53d97d1c0e0bc793d8235b78deb156249add6b

Download Submit
C:\Windows\System\sZBBWQo.exe

Filesize
1.2MB

MD5
5a142b520fd7978fe35562aef958d8b5

SHA1
be3b09c267189b5327e4f631bec96c5eade7b8ba

SHA256
2da8507b0dd5e8ed087bf8b6c5721fb0c83de7c08f86b72732bd4f1d2956d0e7

SHA512
6a8bf538a6b3e23de0865e3d132213b9a3733d95b0f846fa5c9d7843d7125fcdcbd67d4fc081a478552b147e7410343b24dd4cbbd85288587e7ae9518702e5a4

Download Submit
C:\Windows\System\sqcmgPA.exe

Filesize
1.3MB

MD5
a33867f8fb1fe6685cf0f4ee314880c5

SHA1
df3bc9dd8527f61ee9595b1acaca127060f8cf27

SHA256
cc08b5c1e5afdf06f907c1578ba2d28e5dee7db571b22369757d8772e5404afe

SHA512
e610c29b5ec4df371363daab31151ec34fb523b232891a2219e90ae3b42462bffb30ebbac86c4f8041fd121d8de45f9c1058f33d5abda45ed109d26283a61d51

Download Submit
C:\Windows\System\vKcRdXW.exe

Filesize
1.3MB

MD5
6346bd2bd687640cba89c491261d1281

SHA1
0a1f1f750b8847f7394ca473aadaa43b62a657b5

SHA256
64c3ce704edb42f8ffd25e8130c3d41a6356296c034138b09dd62b8f440598f9

SHA512
38c1e3af92bd0a298d3333c27ffaee4fd7fc213eaf6428253e989aa70694a1d918a7ecd605a4fff994c4afb219bf4e8f1823019ce4a36a6cc5127e6fab72b973

Download Submit
C:\Windows\System\wLryfkU.exe

Filesize
1.2MB

MD5
8a368bd2394b7a3129d8220b4b7850fc

SHA1
a1367274b4b916694f1483af4af5cbbb5090e896

SHA256
3a11e67ad61271bcec0063728d50a68d7bd38bc41d7a9bcc8509280b0cad4f54

SHA512
7470e2e4590682bc497425ff4dbf5903e8d270bf3744f84d91c36676ab59e083c6e398cbd98d2264e84e8f7ecc6260ce6ab9c91caee696490fdc568c95d2c179

Download Submit
C:\Windows\System\wYfWuMl.exe

Filesize
1.2MB

MD5
a82218986ba06e35e60baba0edc17e2e

SHA1
b06ed51398fe9db7b68cf375ab8eedd4e0a0b1ea

SHA256
eec714f0fcafebecde15db75d4af1fecf90af768b5b72035c5d46aed496e7b99

SHA512
73a71cfc3b5b39dc6dacbe89083c7bec5998b731343abbb6ee038c6cca17daa72c57a66c72b57cd8bcec71e205f0f14534761cc0de19d8f8db5a12af677a4d74

Download Submit
C:\Windows\System\xDrMtCh.exe

Filesize
1.3MB

MD5
d99a4da902d400e567d928022b63e2b1

SHA1
c81b26aba66dc4a172d53f0c2552e2ab01bbf322

SHA256
6d6788e099adbba4ffbeaf21c239a1f55af76ace464bc948a16fbbc41e6c2e46

SHA512
460a8187c395454286214971e399fdc829a72583854e0867fba554f2d77ae94856e47c48c0cf6a1ba6f4a57837cdf758616007949c4bf932b83610a87a2f16ae

Download Submit
C:\Windows\System\zSgoUfQ.exe

Filesize
1.3MB

MD5
7bb1dfcb4216a6779dc255aa34e1a72a

SHA1
612df42c223b42038e70358e7c03fc12d11afa90

SHA256
59288bd2ed1038d0f98a9271ccd5039c42132c46c3f09c555d09bc756a5298ce

SHA512
54be11999f2a35fae7c9267731582460f58d7027dbc10bf3136df5be0d99093f3c2d76436dc630f01e35ad5dd9314aee29a7ec9cf665be923f5dd11d78b900d5

Download Submit
C:\Windows\System\zsmFYuM.exe

Filesize
1.2MB

MD5
282ef2acf09a25abe7cdc0b60cc00c49

SHA1
a42fcc9283ad2ab66ae362f1518aac3f5d6e4414

SHA256
6e22f895ac7d9c62f19e23da9e93beef4fed76c9b01da44c19ee9b3f77372b08

SHA512
3b31ddcc06c762df5bf49ae334740fbcd149a6e9fc24c7149452687e517aa44eb217ad39a75bcfd6aaaeeea7dfd48f1d10904f4d21c59693f388c5e54928f05b

Download Submit
memory/228-62-0x00007FF67E270000-0x00007FF67E662000-memory.dmp

Filesize
3.9MB

Download
memory/228-3047-0x00007FF67E270000-0x00007FF67E662000-memory.dmp

Filesize
3.9MB

Download
memory/820-176-0x00007FF6DB9D0000-0x00007FF6DBDC2000-memory.dmp

Filesize
3.9MB

Download
memory/820-3046-0x00007FF6DB9D0000-0x00007FF6DBDC2000-memory.dmp

Filesize
3.9MB

Download
memory/1684-1702-0x00007FF78DA90000-0x00007FF78DE82000-memory.dmp

Filesize
3.9MB

Download
memory/1684-3086-0x00007FF78DA90000-0x00007FF78DE82000-memory.dmp

Filesize
3.9MB

Download
memory/2080-3049-0x00007FF60FC20000-0x00007FF610012000-memory.dmp

Filesize
3.9MB

Download
memory/2080-714-0x00007FF60FC20000-0x00007FF610012000-memory.dmp

Filesize
3.9MB

Download
memory/2384-3087-0x00007FF7F4840000-0x00007FF7F4C32000-memory.dmp

Filesize
3.9MB

Download
memory/2384-1694-0x00007FF7F4840000-0x00007FF7F4C32000-memory.dmp

Filesize
3.9MB

Download
memory/2460-3031-0x00007FF7EAD70000-0x00007FF7EB162000-memory.dmp

Filesize
3.9MB

Download
memory/2460-44-0x00007FF7EAD70000-0x00007FF7EB162000-memory.dmp

Filesize
3.9MB

Download
memory/2472-515-0x00007FF7E7460000-0x00007FF7E7852000-memory.dmp

Filesize
3.9MB

Download
memory/2472-3054-0x00007FF7E7460000-0x00007FF7E7852000-memory.dmp

Filesize
3.9MB

Download
memory/3024-784-0x00007FF645770000-0x00007FF645B62000-memory.dmp

Filesize
3.9MB

Download
memory/3024-3072-0x00007FF645770000-0x00007FF645B62000-memory.dmp

Filesize
3.9MB

Download
memory/3104-731-0x00007FF754F10000-0x00007FF755302000-memory.dmp

Filesize
3.9MB

Download
memory/3104-3084-0x00007FF754F10000-0x00007FF755302000-memory.dmp

Filesize
3.9MB

Download
memory/3272-71-0x00007FF7633E0000-0x00007FF7637D2000-memory.dmp

Filesize
3.9MB

Download
memory/3272-3039-0x00007FF7633E0000-0x00007FF7637D2000-memory.dmp

Filesize
3.9MB

Download
memory/3332-16-0x00007FF76FF70000-0x00007FF770362000-memory.dmp

Filesize
3.9MB

Download
memory/3332-3029-0x00007FF76FF70000-0x00007FF770362000-memory.dmp

Filesize
3.9MB

Download
memory/4004-117-0x00007FF6EFFB0000-0x00007FF6F03A2000-memory.dmp

Filesize
3.9MB

Download
memory/4004-3041-0x00007FF6EFFB0000-0x00007FF6F03A2000-memory.dmp

Filesize
3.9MB

Download
memory/4072-607-0x00007FF700E40000-0x00007FF701232000-memory.dmp

Filesize
3.9MB

Download
memory/4072-3061-0x00007FF700E40000-0x00007FF701232000-memory.dmp

Filesize
3.9MB

Download
memory/4368-3067-0x00007FF6790D0000-0x00007FF6794C2000-memory.dmp

Filesize
3.9MB

Download
memory/4368-1589-0x00007FF6790D0000-0x00007FF6794C2000-memory.dmp

Filesize
3.9MB

Download
memory/4448-0-0x00007FF7563A0000-0x00007FF756792000-memory.dmp

Filesize
3.9MB

Download
memory/4448-1-0x000001F24A150000-0x000001F24A160000-memory.dmp

Filesize
64KB

Download
memory/4500-3033-0x00007FF751290000-0x00007FF751682000-memory.dmp

Filesize
3.9MB

Download
memory/4500-41-0x00007FF751290000-0x00007FF751682000-memory.dmp

Filesize
3.9MB

Download
memory/4544-3044-0x00007FF7E1A00000-0x00007FF7E1DF2000-memory.dmp

Filesize
3.9MB

Download
memory/4772-398-0x00007FF6B96F0000-0x00007FF6B9AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4772-3052-0x00007FF6B96F0000-0x00007FF6B9AE2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-225-0x00007FF7C2B00000-0x00007FF7C2EF2000-memory.dmp

Filesize
3.9MB

Download
memory/4960-3036-0x00007FF7C2B00000-0x00007FF7C2EF2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-3037-0x00007FF73D4D0000-0x00007FF73D8C2000-memory.dmp

Filesize
3.9MB

Download
memory/5016-303-0x00007FF73D4D0000-0x00007FF73D8C2000-memory.dmp

Filesize
3.9MB

Download
memory/5040-3089-0x00007FF784690000-0x00007FF784A82000-memory.dmp

Filesize
3.9MB

Download
memory/5040-403-0x00007FF784690000-0x00007FF784A82000-memory.dmp

Filesize
3.9MB

Download
memory/5112-3071-0x00007FF689A30000-0x00007FF689E22000-memory.dmp

Filesize
3.9MB

Download
memory/5112-959-0x00007FF689A30000-0x00007FF689E22000-memory.dmp

Filesize
3.9MB

Download